Windows Analysis Report
Crosshair-X.exe

Overview

General Information

Sample name: Crosshair-X.exe
Analysis ID: 1581745
MD5: ffc5dbf6966dd3383faeed15eafeeee9
SHA1: dd1c357fa9c982a3a7824f7ef7043c8185e1ab0c
SHA256: ba21ca2f38d1d1c6b72b3974c3e610080fc1dd0c82fefa7a5b2d5ece070cd5f9
Tags: exe, user-aachum

Detection

LummaC
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Found malware configuration
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
C2 URLs / IPs found in malware configuration
Contains functionality to inject code into remote processes
Injects a PE file into a foreign processes
LummaC encrypted strings found
Machine Learning detection for sample
Sample uses string decryption to hide its real strings
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to record screenshots
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found evasive API chain (date check)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • Crosshair-X.exe (PID: 5288 cmdline: "C:\Users\user\Desktop\Crosshair-X.exe" MD5: FFC5DBF6966DD3383FAEED15EAFEEEE9)
    • conhost.exe (PID: 2008 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • Crosshair-X.exe (PID: 4464 cmdline: "C:\Users\user\Desktop\Crosshair-X.exe" MD5: FFC5DBF6966DD3383FAEED15EAFEEEE9)
  • cleanup
Name: Lumma Stealer, LummaC2 Stealer
Description: Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5". The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma
{"C2 url": ["bellflamre.click", "screwamusresz.buzz", "inherineau.buzz", "appliacnesot.buzz", "scentniej.buzz", "cashfuzysao.buzz", "prisonyfork.buzz", "rebuildeso.buzz", "hummskitnj.buzz"], "Build id": "LPnhqo--imqylxxhmnff"}
Source | Rule | Description | Author | Strings
sslproxydump.pcap | JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security |
decrypted.memstr | JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security |
      No Sigma rule has matched
      Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
      2024-12-28T22:04:29.455229+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49730 | 104.121.10.34 | 443 | TCP
      2024-12-28T22:04:32.056310+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49731 | 104.21.66.86 | 443 | TCP
      2024-12-28T22:04:33.556119+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49732 | 104.21.66.86 | 443 | TCP
      2024-12-28T22:04:32.804055+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.4 | 49731 | 104.21.66.86 | 443 | TCP
      2024-12-28T22:04:32.804055+0100 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.4 | 49731 | 104.21.66.86 | 443 | TCP
      2024-12-28T22:04:27.056657+0100 | 2058572 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 56101 | 1.1.1.1 | 53 | UDP
      2024-12-28T22:04:25.580278+0100 | 2058212 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 57277 | 1.1.1.1 | 53 | UDP
      2024-12-28T22:04:27.287632+0100 | 2058576 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 62404 | 1.1.1.1 | 53 | UDP
      2024-12-28T22:04:27.558459+0100 | 2058578 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 59981 | 1.1.1.1 | 53 | UDP
      2024-12-28T22:04:26.540857+0100 | 2058580 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 62739 | 1.1.1.1 | 53 | UDP
      2024-12-28T22:04:25.816923+0100 | 2058584 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 65153 | 1.1.1.1 | 53 | UDP
      2024-12-28T22:04:26.036008+0100 | 2058586 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 52835 | 1.1.1.1 | 53 | UDP
      2024-12-28T22:04:26.265858+0100 | 2058588 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 60362 | 1.1.1.1 | 53 | UDP
      2024-12-28T22:04:26.770947+0100 | 2058590 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 59004 | 1.1.1.1 | 53 | UDP
      2024-12-28T22:04:30.363659+0100 | 2858666 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 49730 | 104.121.10.34 | 443 | TCP

      AV Detection

      Source: https://lev-tolstoi.com/vop | Avira URL Cloud: Label: malware
      Source: https://lev-tolstoi.com/pi& | Avira URL Cloud: Label: malware
      Source: https://cashfuzysao.buzz/api | Avira URL Cloud: Label: malware
      Source: https://lev-tolstoi.com/apipE | Avira URL Cloud: Label: malware
      Source: https://hummskitnj.buzz/api | Avira URL Cloud: Label: malware
      Source: https://lev-tolstoi.com/vo | Avira URL Cloud: Label: malware
      Source: https://lev-tolstoi.com/pi- | Avira URL Cloud: Label: malware
      Source: https://lev-tolstoi.com/$B | Avira URL Cloud: Label: malware
      Source: https://appliacnesot.buzz/api | Avira URL Cloud: Label: malware
      Source: 00000000.00000002.1696048543.0000000004846000.00000004.00000020.00020000.00000000.sdmp | Malware Configuration Extractor: LummaC {"C2 url": ["bellflamre.click", "screwamusresz.buzz", "inherineau.buzz", "appliacnesot.buzz", "scentniej.buzz", "cashfuzysao.buzz", "prisonyfork.buzz", "rebuildeso.buzz", "hummskitnj.buzz"], "Build id": "LPnhqo--imqylxxhmnff"}
      Source: Crosshair-X.exe | Virustotal: Detection: 32%
      Source: Crosshair-X.exe | Joe Sandbox ML: detected
      Source: 00000002.00000002.1782088667.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String decryptor output, one decrypted string per line:
        hummskitnj.buzz
        cashfuzysao.buzz
        appliacnesot.buzz
        screwamusresz.buzz
        inherineau.buzz
        scentniej.buzz
        rebuildeso.buzz
        prisonyfork.buzz
        bellflamre.click
        lid=%s&j=%s&ver=4.0
        TeslaBrowser/5.5
        - Screen Resoluton:
        - Physical Installed Memory:
        Workgroup: -
        LPnhqo--imqylxxhmnff
      Source: Crosshair-X.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
      Source: unknown | HTTPS traffic detected: 104.121.10.34:443 -> 192.168.2.4:49730 version: TLS 1.2
      Source: unknown | HTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.4:49731 version: TLS 1.2
      Source: C:\Users\user\Desktop\Crosshair-X.exe | Code function: 0_2_00861FE9 FindFirstFileExW,FindNextFileW,FindClose,FindClose

      Networking

      Source: Network traffic | Suricata IDS: 2058584 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (prisonyfork .buzz) : 192.168.2.4:65153 -> 1.1.1.1:53
      Source: Network traffic | Suricata IDS: 2058586 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (rebuildeso .buzz) : 192.168.2.4:52835 -> 1.1.1.1:53
      Source: Network traffic | Suricata IDS: 2058588 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (scentniej .buzz) : 192.168.2.4:60362 -> 1.1.1.1:53
      Source: Network traffic | Suricata IDS: 2058576 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (cashfuzysao .buzz) : 192.168.2.4:62404 -> 1.1.1.1:53
      Source: Network traffic | Suricata IDS: 2058578 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (hummskitnj .buzz) : 192.168.2.4:59981 -> 1.1.1.1:53
      Source: Network traffic | Suricata IDS: 2058572 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (appliacnesot .buzz) : 192.168.2.4:56101 -> 1.1.1.1:53
      Source: Network traffic | Suricata IDS: 2058580 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (inherineau .buzz) : 192.168.2.4:62739 -> 1.1.1.1:53
      Source: Network traffic | Suricata IDS: 2058590 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (screwamusresz .buzz) : 192.168.2.4:59004 -> 1.1.1.1:53
      Source: Network traffic | Suricata IDS: 2058212 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bellflamre .click) : 192.168.2.4:57277 -> 1.1.1.1:53
      Source: Network traffic | Suricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.4:49730 -> 104.121.10.34:443
      Source: Network traffic | Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49731 -> 104.21.66.86:443
      Source: Network traffic | Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49731 -> 104.21.66.86:443
      Source: Joe Sandbox View | IP Address: 104.21.66.86
      Source: Joe Sandbox View | IP Address: 104.121.10.34
      Source: Joe Sandbox View | JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
      Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49732 -> 104.21.66.86:443
      Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49730 -> 104.121.10.34:443
      Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49731 -> 104.21.66.86:443
      Source: global traffic | HTTP traffic detected:
        GET /profiles/76561199724331900 HTTP/1.1
        Connection: Keep-Alive
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
        Host: steamcommunity.com
      Source: global traffic | HTTP traffic detected:
        POST /api HTTP/1.1
        Connection: Keep-Alive
        Content-Type: application/x-www-form-urlencoded
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
        Content-Length: 8
        Host: lev-tolstoi.com
      Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: global traffic | DNS traffic detected, DNS queries:
        bellflamre.click
        prisonyfork.buzz
        rebuildeso.buzz
        scentniej.buzz
        inherineau.buzz
        screwamusresz.buzz
        appliacnesot.buzz
        cashfuzysao.buzz
        hummskitnj.buzz
        steamcommunity.com
        lev-tolstoi.com
      Source: unknown | HTTP traffic detected:
        POST /api HTTP/1.1
        Connection: Keep-Alive
        Content-Type: application/x-www-form-urlencoded
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
        Content-Length: 8
        Host: lev-tolstoi.com
      Source: Crosshair-X.exe, 00000002.00000003.1751354434.000000000328F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.steampowered.com/
      Source: Crosshair-X.exe, 00000002.00000003.1751400814.000000000324A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://appliacnesot.buzz/api
      Source: Crosshair-X.exe, 00000002.00000003.1774380805.00000000032A1000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1751354434.000000000328F000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1781937278.000000000323F000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1774413361.000000000323E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://avatars.fastly.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg
      Source: Crosshair-X.exe, 00000002.00000003.1751354434.000000000328F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://broadcast.st.dl.eccdnx.com
      Source: Crosshair-X.exe, 00000002.00000003.1774413361.0000000003249000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1782021358.000000000324A000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000002.1782438282.000000000324B000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1781937278.0000000003247000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1751400814.000000000324A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cashfuzysao.buzz/api
      Source: Crosshair-X.exe, 00000002.00000003.1751354434.000000000328F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/
      Source: Crosshair-X.exe, 00000002.00000003.1751354434.000000000328F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://checkout.steampowered.com/
      Source: Crosshair-X.exe, 00000002.00000003.1751354434.000000000328F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/
      Source: Crosshair-X.exe, 00000002.00000003.1751354434.0000000003297000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1774380805.00000000032A1000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1751354434.000000000328F000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1774413361.000000000323E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/applications/community/main.css?v=Lj6X7NKUMfzk&a
      Source: Crosshair-X.exe, 00000002.00000003.1751354434.0000000003297000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1774380805.00000000032A1000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1751354434.000000000328F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/globalv2.css?v=hzEgqbtRcI5V&l=english&_c
      Source: Crosshair-X.exe, 00000002.00000003.1751354434.0000000003297000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1774380805.00000000032A1000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1751354434.000000000328F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/promo/summer2017/stickers.css?v=Ncr6N09yZIap&amp
      Source: Crosshair-X.exe, 00000002.00000003.1751354434.0000000003297000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1774380805.00000000032A1000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1751354434.000000000328F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/header.css?v=EM4kCu67DNda&l=english&a
      Source: Crosshair-X.exe, 00000002.00000003.1751354434.0000000003297000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1774380805.00000000032A1000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1751354434.000000000328F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/modalContent.css?v=WXAusLHclDIt&l=eng
      Source: Crosshair-X.exe, 00000002.00000003.1751354434.0000000003297000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1774380805.00000000032A1000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1751354434.000000000328F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/profilev2.css?v=fe66ET2uI50l&l=englis
      Source: Crosshair-X.exe, 00000002.00000003.1751354434.0000000003297000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1774380805.00000000032A1000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1751354434.000000000328F000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1774413361.000000000323E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
      Source: Crosshair-X.exe, 00000002.00000003.1751354434.0000000003297000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1781997835.0000000003236000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1774380805.00000000032A1000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000002.1782391559.0000000003236000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1751354434.000000000328F000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1774488846.0000000003236000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
      Source: Crosshair-X.exe, 00000002.00000003.1751354434.0000000003297000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1774380805.00000000032A1000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1751354434.000000000328F000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1774413361.000000000323E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6
      Source: Crosshair-X.exe, 00000002.00000003.1751354434.0000000003297000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1774380805.00000000032A1000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1751354434.000000000328F000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1774413361.000000000323E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/main.js?v=_92TWn81
      Source: Crosshair-X.exe, 00000002.00000003.1751354434.0000000003297000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1774380805.00000000032A1000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1751354434.000000000328F000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1774413361.000000000323E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/manifest.js?v=FRRi
      Source: Crosshair-X.exe, 00000002.00000003.1751354434.0000000003297000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1774380805.00000000032A1000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1751354434.000000000328F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/global.js?v=jWc2JLWHx5Kn&l=english&am
      Source: Crosshair-X.exe, 00000002.00000003.1751354434.0000000003297000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1774380805.00000000032A1000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1751354434.000000000328F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=gQHVlrK4-jX-&l
      Source: Crosshair-X.exe, 00000002.00000003.1751354434.0000000003297000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1774380805.00000000032A1000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1751354434.000000000328F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/modalContent.js?v=uqf5ttWTRe7l&l=engl
      Source: Crosshair-X.exe, 00000002.00000003.1751354434.0000000003297000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1774380805.00000000032A1000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1751354434.000000000328F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/modalv2.js?v=zBXEuexVQ0FZ&l=english&a
      Source: Crosshair-X.exe, 00000002.00000003.1751354434.0000000003297000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1774380805.00000000032A1000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1751354434.000000000328F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/profile.js?v=GeQ6v03mWpAc&l=english&a
      Source: Crosshair-X.exe, 00000002.00000003.1751354434.0000000003297000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1774380805.00000000032A1000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1751354434.000000000328F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/promo/stickers.js?v=CcLRHsa04otQ&l=en
      Source: Crosshair-X.exe, 00000002.00000003.1751354434.0000000003297000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1774380805.00000000032A1000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1751354434.000000000328F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&l=eng
      Source: Crosshair-X.exe, 00000002.00000003.1751354434.0000000003297000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1774380805.00000000032A1000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1751354434.000000000328F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/reportedcontent.js?v=-lZqrarogJr8&l=e
      Source: Crosshair-X.exe, 00000002.00000003.1751354434.0000000003297000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1774380805.00000000032A1000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1751354434.000000000328F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcDIgbC
      Source: Crosshair-X.exe, 00000002.00000003.1751354434.0000000003297000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1774380805.00000000032A1000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1751354434.000000000328F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/webui/clientcom.js?v=oOCAGrkRfpQ6&l=e
      Source: Crosshair-X.exe, 00000002.00000003.1751354434.0000000003297000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1774380805.00000000032A1000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1751354434.000000000328F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/buttons.css?v=qhQgyjWi6LgJ&l=english&
      Source: Crosshair-X.exe, 00000002.00000003.1751354434.000000000328F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/motiva_sans.css?v=-yZgCk0Nu7kH&l=engl
      Source: Crosshair-X.exe, 00000002.00000003.1751354434.0000000003297000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1774380805.00000000032A1000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1751354434.000000000328F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_global.css?v=wuA4X_n5-mo0&l=en
      Source: Crosshair-X.exe, 00000002.00000003.1751354434.0000000003297000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1774380805.00000000032A1000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1751354434.000000000328F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_responsive.css?v=JL1e4uQSrVGe&
      Source: Crosshair-X.exe, 00000002.00000003.1751354434.0000000003297000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1774380805.00000000032A1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
      Source: Crosshair-X.exe, 00000002.00000003.1751354434.0000000003297000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1774380805.00000000032A1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_logo.png
      Source: Crosshair-X.exe, 00000002.00000003.1751354434.0000000003297000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1774380805.00000000032A1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
      Source: Crosshair-X.exe, 00000002.00000003.1751354434.0000000003297000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1774380805.00000000032A1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
      Source: Crosshair-X.exe, 00000002.00000003.1751354434.0000000003297000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1774380805.00000000032A1000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1751354434.000000000328F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/auth_refresh.js?v=w6QbwI-5-j2S&amp
      Source: Crosshair-X.exe, 00000002.00000003.1751354434.0000000003297000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1774380805.00000000032A1000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1751354434.000000000328F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_global.js?v=Gr6TbGRvDtNE&am
      Source: Crosshair-X.exe, 00000002.00000003.1751354434.0000000003297000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1774380805.00000000032A1000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1751354434.000000000328F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=tvQ
      Source: Crosshair-X.exe, 00000002.00000003.1751354434.0000000003297000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1774380805.00000000032A1000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1751354434.000000000328F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&l=en
      Source: Crosshair-X.exe, 00000002.00000003.1751354434.000000000328F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/
      Source: Crosshair-X.exe, 00000002.00000003.1751354434.0000000003297000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1774380805.00000000032A1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/en/
      Source: Crosshair-X.exe, 00000002.00000003.1774413361.0000000003249000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1782021358.000000000324A000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000002.1782438282.000000000324B000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1781937278.0000000003247000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1751400814.000000000324A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://hummskitnj.buzz/api
      Source: Crosshair-X.exe, 00000002.00000003.1774413361.0000000003249000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1781975436.0000000003259000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1781937278.0000000003247000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1774464726.0000000003259000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000002.1782450389.000000000325A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/$B
      Source: Crosshair-X.exe, 00000002.00000003.1781937278.0000000003247000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1774464726.0000000003259000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000002.1782450389.000000000325A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/api
      Source: Crosshair-X.exe, 00000002.00000003.1781975436.0000000003259000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1781937278.0000000003247000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000002.1782450389.000000000325A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/apipE
      Source: Crosshair-X.exe, 00000002.00000003.1774413361.0000000003249000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1774464726.0000000003259000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/apis
      Source: Crosshair-X.exe, 00000002.00000003.1774413361.0000000003249000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1774464726.0000000003259000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/pi
      Source: Crosshair-X.exe, 00000002.00000003.1774413361.0000000003249000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1781975436.0000000003259000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1781937278.0000000003247000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1774464726.0000000003259000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000002.1782450389.000000000325A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/pi&
      Source: Crosshair-X.exe, 00000002.00000002.1782309305.0000000003214000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/pi-
      Source: Crosshair-X.exe, 00000002.00000002.1782309305.0000000003214000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/vo
      Source: Crosshair-X.exe, 00000002.00000003.1781975436.0000000003259000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1781937278.0000000003247000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000002.1782450389.000000000325A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/vop
      Source: Crosshair-X.exe, 00000002.00000003.1751354434.000000000328F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.steampowered.com/
      Source: Crosshair-X.exe, 00000002.00000003.1751354434.000000000328F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lv.queniujq.cn
      Source: Crosshair-X.exe, 00000002.00000003.1751354434.000000000328F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://medal.tv
      Source: Crosshair-X.exe, 00000002.00000003.1751354434.000000000328F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://player.vimeo.com
      Source: Crosshair-X.exe, 00000002.00000003.1751354434.000000000328F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net
      Source: Crosshair-X.exe, 00000002.00000003.1751354434.000000000328F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net/recaptcha/;
      Source: Crosshair-X.exe, 00000002.00000003.1751354434.000000000328F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://s.ytimg.com;
      Source: Crosshair-X.exe, 00000002.00000003.1751354434.000000000328F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sketchfab.com
      Source: Crosshair-X.exe, 00000002.00000003.1751354434.000000000328F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steam.tv/
      Source: Crosshair-X.exe, 00000002.00000003.1751354434.000000000328F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast-test.akamaized.net
      Source: Crosshair-X.exe, 00000002.00000003.1751354434.000000000328F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast.akamaized.net
      Source: Crosshair-X.exe, 00000002.00000003.1751354434.000000000328F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcastchat.akamaized.net
      Source: Crosshair-X.exe, 00000002.00000003.1751354434.000000000328F000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1751400814.000000000324A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/
      Source: Crosshair-X.exe, 00000002.00000003.1751354434.0000000003297000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1774380805.00000000032A1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
      Source: Crosshair-X.exe, 00000002.00000003.1751354434.0000000003297000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1774380805.00000000032A1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/discussions/
      Source: Crosshair-X.exe, 00000002.00000003.1751354434.0000000003297000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1774380805.00000000032A1000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1751354434.000000000328F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
      Source: Crosshair-X.exe, 00000002.00000003.1774380805.00000000032A1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
      Source: Crosshair-X.exe, 00000002.00000003.1751354434.0000000003297000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1774380805.00000000032A1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/market/
      Source: Crosshair-X.exe, 00000002.00000003.1751354434.0000000003297000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1774380805.00000000032A1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/my/wishlist/
      Source: Crosshair-X.exe, 00000002.00000003.1751354434.0000000003297000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1774380805.00000000032A1000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1751354434.000000000328F000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1781937278.000000000323F000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1774413361.000000000323E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/badges
      Source: Crosshair-X.exe, 00000002.00000003.1751354434.0000000003297000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1781997835.0000000003236000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1774380805.00000000032A1000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000002.1782391559.0000000003236000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1751354434.000000000328F000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1774488846.0000000003236000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/inventory/
      Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49732
      Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49731
      Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49730
      Source: unknown; Network traffic detected: HTTP traffic on port 49731 -> 443
      Source: unknown; Network traffic detected: HTTP traffic on port 49732 -> 443
      Source: unknown; Network traffic detected: HTTP traffic on port 49730 -> 443
      Source: unknown; HTTPS traffic detected: 104.121.10.34:443 -> 192.168.2.4:49730 version: TLS 1.2
      Source: unknown; HTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.4:49731 version: TLS 1.2
      Source: C:\Users\user\Desktop\Crosshair-X.exe; Code function: 2_2_00433330 OpenClipboard,GetClipboardData,GlobalLock,GetWindowLongW,GlobalUnlock,CloseClipboard
      Source: C:\Users\user\Desktop\Crosshair-X.exe; Code function: 2_2_004334D0 GetDC,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetCurrentObject,GetObjectW,DeleteObject,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt
      Source: Crosshair-X.exe, 00000000.00000000.1671187834.00000000008CF000.00000002.00000001.01000000.00000003.sdmp; Binary or memory string: OriginalFilenameMuiUnattend.exej% vs Crosshair-X.exe
      Source: Crosshair-X.exe, 00000000.00000002.1696048543.0000000004846000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: OriginalFilenameMuiUnattend.exej% vs Crosshair-X.exe
      Source: Crosshair-X.exe, 00000002.00000000.1694351714.00000000008CF000.00000002.00000001.01000000.00000003.sdmp; Binary or memory string: OriginalFilenameMuiUnattend.exej% vs Crosshair-X.exe
      Source: Crosshair-X.exe, 00000002.00000003.1698816480.0000000004DFB000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: OriginalFilenameMuiUnattend.exej% vs Crosshair-X.exe
      Source: Crosshair-X.exe; Binary or memory string: OriginalFilenameMuiUnattend.exej% vs Crosshair-X.exe
      Source: Crosshair-X.exe; Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
      Source: Crosshair-X.exe; Static PE information: Section: .bss ZLIB complexity 1.0003393954918032
      Source: classification engine; Classification label: mal100.troj.evad.winEXE@4/1@11/2
      Source: C:\Users\user\Desktop\Crosshair-X.exe; Code function: 2_2_004310A0 CoCreateInstance
      Source: C:\Windows\System32\conhost.exe; Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2008:120:WilError_03
      Source: Crosshair-X.exe; Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
      Source: C:\Users\user\Desktop\Crosshair-X.exe; Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
      Source: Crosshair-X.exe; Virustotal: Detection: 32%
      Source: C:\Users\user\Desktop\Crosshair-X.exe; File read: C:\Users\user\Desktop\Crosshair-X.exe
      Source: unknown; Process created: C:\Users\user\Desktop\Crosshair-X.exe "C:\Users\user\Desktop\Crosshair-X.exe"
      Source: C:\Users\user\Desktop\Crosshair-X.exe; Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Users\user\Desktop\Crosshair-X.exe; Process created: C:\Users\user\Desktop\Crosshair-X.exe "C:\Users\user\Desktop\Crosshair-X.exe"
      Source: C:\Users\user\Desktop\Crosshair-X.exe; Section loaded: apphelp.dll, kernel.appcore.dll, windows.storage.dll, wldp.dll, winhttp.dll, ondemandconnroutehelper.dll, webio.dll, mswsock.dll, iphlpapi.dll, winnsi.dll, sspicli.dll, dnsapi.dll, rasadhlp.dll, fwpuclnt.dll, schannel.dll, mskeyprotect.dll, ntasn1.dll, ncrypt.dll, ncryptsslp.dll, msasn1.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, gpapi.dll, dpapi.dll, uxtheme.dll
      Source: Crosshair-X.exe; Static file information: File size 100205096 > 1048576
      Source: Crosshair-X.exe; Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
      Source: Crosshair-X.exe; Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
      Source: Crosshair-X.exe; Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
      Source: Crosshair-X.exe; Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
      Source: Crosshair-X.exe; Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
      Source: C:\Users\user\Desktop\Crosshair-X.exe; Code function: 0_2_0084FB83 push ecx; ret 0_2_0084FB96
      Source: C:\Users\user\Desktop\Crosshair-X.exe; Code function: 2_2_0044547A push cs; ret 2_2_004454B2
      Source: C:\Users\user\Desktop\Crosshair-X.exe; Code function: 2_2_0043F4D0 push eax; mov dword ptr [esp], 60636255h 2_2_0043F4D3
      Source: C:\Users\user\Desktop\Crosshair-X.exe; Code function: 2_2_0043C490 push eax; mov dword ptr [esp], 0B08090Eh 2_2_0043C49E
      Source: C:\Users\user\Desktop\Crosshair-X.exe; Code function: 2_2_00449CA4 push ebp; iretd 2_2_00449CA6
      Source: C:\Users\user\Desktop\Crosshair-X.exe; Code function: 2_2_0084FB83 push ecx; ret 2_2_0084FB96
      Source: C:\Users\user\Desktop\Crosshair-X.exe; Evasive API call chain: GetSystemTimeAsFileTime,DecisionNodes graph_0-21961
      Source: C:\Users\user\Desktop\Crosshair-X.exe; API coverage: 4.1 %
      Source: C:\Users\user\Desktop\Crosshair-X.exe TID: 3272; Thread sleep time: -120000s >= -30000s
      Source: C:\Users\user\Desktop\Crosshair-X.exe TID: 6356; Thread sleep time: -30000s >= -30000s
      Source: C:\Users\user\Desktop\Crosshair-X.exe; Code function: 0_2_00861FE9 FindFirstFileExW,FindNextFileW,FindClose,FindClose
      Source: Crosshair-X.exe, 00000002.00000003.1774413361.0000000003249000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1782021358.000000000324A000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000002.1782438282.000000000324B000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1781937278.0000000003247000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1751400814.000000000324A000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000002.1782309305.00000000031FC000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: Hyper-V RAW
      Source: C:\Users\user\Desktop\Crosshair-X.exe; Code function: 2_2_0043DD60 LdrInitializeThunk
      Source: C:\Users\user\Desktop\Crosshair-X.exe; Code function: 0_2_0084F8E9 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
      Source: C:\Users\user\Desktop\Crosshair-X.exe; Code function: 0_2_0087A19E mov edi, dword ptr fs:[00000030h]
      Source: C:\Users\user\Desktop\Crosshair-X.exe; Code function: 0_2_00841FB0 mov edi, dword ptr fs:[00000030h]
      Source: C:\Users\user\Desktop\Crosshair-X.exe; Code function: 2_2_00841FB0 mov edi, dword ptr fs:[00000030h]
      Source: C:\Users\user\Desktop\Crosshair-X.exe; Code function: 0_2_0085D8E0 GetProcessHeap
      Source: C:\Users\user\Desktop\Crosshair-X.exe; Code function: 0_2_0084F52D SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
      Source: C:\Users\user\Desktop\Crosshair-X.exe; Code function: 0_2_0084F8DD SetUnhandledExceptionFilter
      Source: C:\Users\user\Desktop\Crosshair-X.exe; Code function: 0_2_00857E30 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
      Source: C:\Users\user\Desktop\Crosshair-X.exe; Code function: 2_2_0084F52D SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
      Source: C:\Users\user\Desktop\Crosshair-X.exe; Code function: 2_2_0084F8DD SetUnhandledExceptionFilter
      Source: C:\Users\user\Desktop\Crosshair-X.exe; Code function: 2_2_0084F8E9 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
      Source: C:\Users\user\Desktop\Crosshair-X.exe; Code function: 2_2_00857E30 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter

      HIPS / PFW / Operating System Protection Evasion

      Source: C:\Users\user\Desktop\Crosshair-X.exe; Code function: 0_2_0087A19E GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,CreateProcessW,CreateProcessW,VirtualAlloc,VirtualAlloc,GetThreadContext,Wow64GetThreadContext,ReadProcessMemory,ReadProcessMemory,VirtualAllocEx,VirtualAllocEx,GetProcAddress,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,SetThreadContext,Wow64SetThreadContext,ResumeThread,ResumeThread
      Source: C:\Users\user\Desktop\Crosshair-X.exe; Memory written: C:\Users\user\Desktop\Crosshair-X.exe base: 400000 value starts with: 4D5A
      Source: C:\Users\user\Desktop\Crosshair-X.exe; Process created: C:\Users\user\Desktop\Crosshair-X.exe "C:\Users\user\Desktop\Crosshair-X.exe"
      Source: C:\Users\user\Desktop\Crosshair-X.exe; Code function: EnumSystemLocalesW,0_2_0085D1BD
      Source: C:\Users\user\Desktop\Crosshair-X.exe; Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,0_2_00861287
      Source: C:\Users\user\Desktop\Crosshair-X.exe; Code function: EnumSystemLocalesW,0_2_008614D8
      Source: C:\Users\user\Desktop\Crosshair-X.exe; Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,0_2_00861580
      Source: C:\Users\user\Desktop\Crosshair-X.exe; Code function: EnumSystemLocalesW,0_2_008617D3
      Source: C:\Users\user\Desktop\Crosshair-X.exe; Code function: GetLocaleInfoW,0_2_00861840
      Source: C:\Users\user\Desktop\Crosshair-X.exe; Code function: EnumSystemLocalesW,0_2_00861915
      Source: C:\Users\user\Desktop\Crosshair-X.exe; Code function: GetLocaleInfoW,0_2_00861960
      Source: C:\Users\user\Desktop\Crosshair-X.exe; Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,0_2_00861A07
      Source: C:\Users\user\Desktop\Crosshair-X.exe; Code function: GetLocaleInfoW,0_2_00861B0D
      Source: C:\Users\user\Desktop\Crosshair-X.exe; Code function: GetLocaleInfoW,0_2_0085CC15
      Source: C:\Users\user\Desktop\Crosshair-X.exe; Code function: EnumSystemLocalesW,2_2_0085D1BD
      Source: C:\Users\user\Desktop\Crosshair-X.exe; Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,2_2_00861287
      Source: C:\Users\user\Desktop\Crosshair-X.exe; Code function: EnumSystemLocalesW,2_2_008614D8
      Source: C:\Users\user\Desktop\Crosshair-X.exe; Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,2_2_00861580
      Source: C:\Users\user\Desktop\Crosshair-X.exe; Code function: EnumSystemLocalesW,2_2_008617D3
      Source: C:\Users\user\Desktop\Crosshair-X.exe; Code function: GetLocaleInfoW,2_2_00861840
      Source: C:\Users\user\Desktop\Crosshair-X.exe; Code function: EnumSystemLocalesW,2_2_00861915
      Source: C:\Users\user\Desktop\Crosshair-X.exe; Code function: GetLocaleInfoW,2_2_00861960
      Source: C:\Users\user\Desktop\Crosshair-X.exe; Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,2_2_00861A07
      Source: C:\Users\user\Desktop\Crosshair-X.exe; Code function: GetLocaleInfoW,2_2_00861B0D
      Source: C:\Users\user\Desktop\Crosshair-X.exe; Code function: GetLocaleInfoW,2_2_0085CC15
      Source: C:\Users\user\Desktop\Crosshair-X.exe; Code function: 0_2_008500B4 GetSystemTimePreciseAsFileTime,GetSystemTimePreciseAsFileTime,GetSystemTimeAsFileTime
      Source: C:\Users\user\Desktop\Crosshair-X.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

      Stealing of Sensitive Information

      Source: Yara match; File source: sslproxydump.pcap, type: PCAP
      Source: Yara match; File source: decrypted.memstr, type: MEMORYSTR

      Remote Access Functionality

      Source: Yara match; File source: sslproxydump.pcap, type: PCAP
      Source: Yara match; File source: decrypted.memstr, type: MEMORYSTR
      | Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
      | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
      | Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 1 DLL Side-Loading | 211 Process Injection | 1 Virtualization/Sandbox Evasion | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Screen Capture | 11 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
      | Credentials | Domains | Default Accounts | 1 PowerShell | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 211 Process Injection | LSASS Memory | 21 Security Software Discovery | Remote Desktop Protocol | 1 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
      | Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 11 Deobfuscate/Decode Files or Information | Security Account Manager | 1 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | 2 Clipboard Data | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
      | Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 3 Obfuscated Files or Information | NTDS | 1 File and Directory Discovery | Distributed Component Object Model | Input Capture | 114 Application Layer Protocol | Traffic Duplication | Data Destruction |
      | Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Software Packing | LSA Secrets | 13 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
      | Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
      | Source | Detection | Scanner | Label |
      |---|---|---|---|
      | Crosshair-X.exe | 32% | Virustotal | |
      | Crosshair-X.exe | 100% | Joe Sandbox ML | |

      No Antivirus matches
                                                                                                                                                        • Avira URL Cloud: malware
                                                                                                                                                        unknown
                                                                                                                                                        https://store.steampowered.com/stats/Crosshair-X.exe, 00000002.00000003.1751354434.0000000003297000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1774380805.00000000032A1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          https://community.fastly.steamstatic.com/public/shared/javascript/shared_global.js?v=Gr6TbGRvDtNE&amCrosshair-X.exe, 00000002.00000003.1751354434.0000000003297000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1774380805.00000000032A1000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1751354434.000000000328F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            https://medal.tvCrosshair-X.exe, 00000002.00000003.1751354434.000000000328F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              https://broadcast.st.dl.eccdnx.comCrosshair-X.exe, 00000002.00000003.1751354434.000000000328F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                https://community.fastly.steamstatic.com/public/shared/images/responsive/logo_valve_footer.pngCrosshair-X.exe, 00000002.00000003.1751354434.0000000003297000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1774380805.00000000032A1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  https://lev-tolstoi.com/vopCrosshair-X.exe, 00000002.00000003.1781975436.0000000003259000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1781937278.0000000003247000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000002.1782450389.000000000325A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                  • Avira URL Cloud: malware
                                                                                                                                                                  unknown
                                                                                                                                                                  https://community.fastly.steamstatic.com/public/css/skin_1/header.css?v=EM4kCu67DNda&l=english&aCrosshair-X.exe, 00000002.00000003.1751354434.0000000003297000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1774380805.00000000032A1000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1751354434.000000000328F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    https://store.steampowered.com/steam_refunds/Crosshair-X.exe, 00000002.00000003.1751354434.0000000003297000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1774380805.00000000032A1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://community.fastly.steamstatic.com/public/css/applications/community/main.css?v=Lj6X7NKUMfzk&aCrosshair-X.exe, 00000002.00000003.1751354434.0000000003297000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1774380805.00000000032A1000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1751354434.000000000328F000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1774413361.000000000323E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900Crosshair-X.exe, 00000002.00000003.1774380805.00000000032A1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          https://community.fastly.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016Crosshair-X.exe, 00000002.00000003.1751354434.0000000003297000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1774380805.00000000032A1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            https://community.fastly.steamstatic.com/public/javascript/reportedcontent.js?v=-lZqrarogJr8&l=eCrosshair-X.exe, 00000002.00000003.1751354434.0000000003297000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1774380805.00000000032A1000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1751354434.000000000328F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              http://crl.entrust.net/ts1ca.crl0Crosshair-X.exefalse
                                                                                                                                                                                high
                                                                                                                                                                                https://steamcommunity.com/workshop/Crosshair-X.exe, 00000002.00000003.1751354434.0000000003297000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1774380805.00000000032A1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  https://login.steampowered.com/Crosshair-X.exe, 00000002.00000003.1751354434.000000000328F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C185ce35c568ebbbCrosshair-X.exe, 00000002.00000003.1751354434.000000000328F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      https://community.fastly.steamstatic.com/public/css/globalv2.css?v=hzEgqbtRcI5V&l=english&_cCrosshair-X.exe, 00000002.00000003.1751354434.0000000003297000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1774380805.00000000032A1000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1751354434.000000000328F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        https://store.steampowered.com/legal/Crosshair-X.exe, 00000002.00000003.1751354434.0000000003297000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1774380805.00000000032A1000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1751354434.000000000328F000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1774413361.000000000323E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          https://lev-tolstoi.com/voCrosshair-X.exe, 00000002.00000002.1782309305.0000000003214000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                          • Avira URL Cloud: malware
                                                                                                                                                                                          unknown
                                                                                                                                                                                          https://community.fastly.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&l=enCrosshair-X.exe, 00000002.00000003.1751354434.0000000003297000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1774380805.00000000032A1000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1751354434.000000000328F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                            high
                                                                                                                                                                                            https://community.fastly.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&l=engCrosshair-X.exe, 00000002.00000003.1751354434.0000000003297000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1774380805.00000000032A1000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1751354434.000000000328F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                              high
                                                                                                                                                                                              https://community.fastly.steamstatic.com/public/javascript/profile.js?v=GeQ6v03mWpAc&l=english&aCrosshair-X.exe, 00000002.00000003.1751354434.0000000003297000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1774380805.00000000032A1000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1751354434.000000000328F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                high
                                                                                                                                                                                                https://community.fastly.steamstatic.com/public/javascript/modalContent.js?v=uqf5ttWTRe7l&l=englCrosshair-X.exe, 00000002.00000003.1751354434.0000000003297000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1774380805.00000000032A1000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1751354434.000000000328F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  high
                                                                                                                                                                                                  https://recaptcha.netCrosshair-X.exe, 00000002.00000003.1751354434.000000000328F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    high
                                                                                                                                                                                                    http://aia.entrust.net/ts1-chain256.cer01Crosshair-X.exefalse
                                                                                                                                                                                                      high
                                                                                                                                                                                                      https://store.steampowered.com/Crosshair-X.exe, 00000002.00000003.1751354434.000000000328F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                        high
                                                                                                                                                                                                        https://community.fastly.steamstatic.com/public/javascript/webui/clientcom.js?v=oOCAGrkRfpQ6&l=eCrosshair-X.exe, 00000002.00000003.1751354434.0000000003297000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1774380805.00000000032A1000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1751354434.000000000328F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          high
                                                                                                                                                                                                          https://community.fastly.steamstatic.com/public/shared/images/responsive/header_logo.pngCrosshair-X.exe, 00000002.00000003.1751354434.0000000003297000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1774380805.00000000032A1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            high
                                                                                                                                                                                                            http://127.0.0.1:27060Crosshair-X.exe, 00000002.00000003.1751354434.000000000328F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                              high
                                                                                                                                                                                                              https://avatars.fastly.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpgCrosshair-X.exe, 00000002.00000003.1774380805.00000000032A1000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1751354434.000000000328F000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1781937278.000000000323F000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1774413361.000000000323E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                high
                                                                                                                                                                                                                https://community.fastly.steamstatic.com/public/images/skin_1/arrowDn9x5.gifCrosshair-X.exe, 00000002.00000003.1751354434.0000000003297000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1774380805.00000000032A1000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1751354434.000000000328F000.00000004.00000020.00020000.00000000.sdmp, Crosshair-X.exe, 00000002.00000003.1774413361.000000000323E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                  high
                                                                                                                                                                                                                  • No. of IPs < 25%
                                                                                                                                                                                                                  • 25% < No. of IPs < 50%
                                                                                                                                                                                                                  • 50% < No. of IPs < 75%
                                                                                                                                                                                                                  • 75% < No. of IPs
| IP | Domain | Country | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|
| 104.21.66.86 | lev-tolstoi.com | United States | 13335 | CLOUDFLARENETUS | false |
| 104.121.10.34 | steamcommunity.com | United States | 16625 | AKAMAI-ASUS | false |
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1581745
Start date and time: 2024-12-28 22:03:30 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 3m 43s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 4
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: Crosshair-X.exe
Detection: MAL
Classification: mal100.troj.evad.winEXE@4/1@11/2
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 98%
• Number of executed functions: 37
• Number of non-executed functions: 159
Cookbook Comments:
• Found application associated with file extension: .exe
• Stop behavior analysis, all processes terminated
                                                                                                                                                                                                                  • Exclude process from analysis (whitelisted): SIHClient.exe
                                                                                                                                                                                                                  • Excluded domains from analysis (whitelisted): slscr.update.microsoft.com
                                                                                                                                                                                                                  • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                                                  • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                                  • Report size getting too big, too many NtQueryValueKey calls found.
| Time | Type | Description |
|---|---|---|
| 16:04:24 | API Interceptor | 8x Sleep call for process: Crosshair-X.exe modified |
                                                                                                                                                                                                                                      • 104.121.10.34
                                                                                                                                                                                                                                      MPgkx6bQIQ.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                      • 104.21.66.86
                                                                                                                                                                                                                                      • 104.121.10.34
                                                                                                                                                                                                                                      l0zocrLiVW.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                      • 104.21.66.86
                                                                                                                                                                                                                                      • 104.121.10.34
                                                                                                                                                                                                                                      SQHE4Hsjo6.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                      • 104.21.66.86
                                                                                                                                                                                                                                      • 104.121.10.34
                                                                                                                                                                                                                                      XYQ1pqHNiT.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                      • 104.21.66.86
                                                                                                                                                                                                                                      • 104.121.10.34
                                                                                                                                                                                                                                      No context
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Crosshair-X.exe
                                                                                                                                                                                                                                      File Type:assembler source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):14402
                                                                                                                                                                                                                                      Entropy (8bit):4.874636730022465
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:384:vlICCmV5fTMzsM3qlICCmV5fTMzsM3ip9guFx2rBhiLfmfU:vGCC+dMOGCC+dMY9guFx2rBo
                                                                                                                                                                                                                                      MD5:DF0EFD0545733561C6E165770FB3661C
                                                                                                                                                                                                                                      SHA1:0F3AD477176CF235C6C59EE2EB15D81DCB6178A8
                                                                                                                                                                                                                                      SHA-256:A434B406E97A2C892FA88C3975D8181EBEA62A8DA919C5221409E425DF50FD17
                                                                                                                                                                                                                                      SHA-512:3FF527435BC8BCF2640E0B64725CC0DB8A801D912698D4D94C44200529268B80AA7B59A2E2A2EA6C4621E09AA249AAA3583A8D90E4F5D7B68E0E6FFFEB759918
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:moderate, very likely benign file
                                                                                                                                                                                                                                      Preview:AcquireSRWLockExclusive..AcquireSRWLockShared..ActivateActCtx..ActivateActCtxWorker..AddAtomA..AddAtomW..AddConsoleAliasA..AddConsoleAliasW..AddDllDirectory..AddIntegrityLabelToBoundaryDescriptor..AddLocalAlternateComputerNameA..AddLocalAlternateComputerNameW..AddRefActCtx..AddRefActCtxWorker..AddResourceAttributeAce..AddSIDToBoundaryDescriptor..AddScopedPolicyIDAce..AddSecureMemoryCacheCallback..AddVectoredContinueHandler..AddVectoredExceptionHandler..AdjustCalendarDate..AllocConsole..AllocateUserPhysicalPages..AllocateUserPhysicalPagesNuma..AppPolicyGetClrCompat..AppPolicyGetCreateFileAccess..AppPolicyGetLifecycleManagement..AppPolicyGetMediaFoundationCodecLoading..AppPolicyGetProcessTerminationMethod..AppPolicyGetShowDeveloperDiagnostic..AppPolicyGetThreadInitializationType..AppPolicyGetWindowingModel..AppXGetOSMaxVersionTested..ApplicationRecoveryFinished..ApplicationRecoveryInProgress..AreFileApisANSI..AssignProcessToJobObject..AttachConsole..BackupRead..BackupSeek..BackupWrite..B
                                                                                                                                                                                                                                      File type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                      Entropy (8bit):0.09649414149847303
                                                                                                                                                                                                                                      TrID:
                                                                                                                                                                                                                                      • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                                                      • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                                      • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                                      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                      File name:Crosshair-X.exe
                                                                                                                                                                                                                                      File size:100'205'096 bytes
                                                                                                                                                                                                                                      MD5:ffc5dbf6966dd3383faeed15eafeeee9
                                                                                                                                                                                                                                      SHA1:dd1c357fa9c982a3a7824f7ef7043c8185e1ab0c
                                                                                                                                                                                                                                      SHA256:ba21ca2f38d1d1c6b72b3974c3e610080fc1dd0c82fefa7a5b2d5ece070cd5f9
                                                                                                                                                                                                                                      SHA512:3bc56d599e0ed45c42c8d10d77a493e82eb92f182843cd9847a35863dce540c41b6c697506116f3597e01c855ff9e3ba953a92c904b9179f11249e4c5d762411
                                                                                                                                                                                                                                      SSDEEP:12288:LYO6Dqzihouxpa+yWxKiZL74U5/314oCqG2oMUZZGN22TaLY5EO:UO6DThou2+y+H/qTqKHGE2b5t
                                                                                                                                                                                                                                      TLSH:1B28D0123690C4B2C9531D724AB9D779193EB8100F615ACBA7A84BBECEB07F14F3165E
                                                                                                                                                                                                                                      File Content Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L.....ng.....................\....................@..........................@......^.....@.................................|j..<..
                                                                                                                                                                                                                                      Icon Hash:0f45869392ce6d17
                                                                                                                                                                                                                                      Entrypoint:0x4104a0
                                                                                                                                                                                                                                      Entrypoint Section:.text
                                                                                                                                                                                                                                      Digitally signed:true
                                                                                                                                                                                                                                      Imagebase:0x400000
                                                                                                                                                                                                                                      Subsystem:windows cui
                                                                                                                                                                                                                                      Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                                                                                      DLL Characteristics:DYNAMIC_BASE, NO_ISOLATION, GUARD_CF, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                      Time Stamp:0x676E98E6 [Fri Dec 27 12:09:10 2024 UTC]
                                                                                                                                                                                                                                      TLS Callbacks:
                                                                                                                                                                                                                                      CLR (.Net) Version:
                                                                                                                                                                                                                                      OS Version Major:6
                                                                                                                                                                                                                                      OS Version Minor:0
                                                                                                                                                                                                                                      File Version Major:6
                                                                                                                                                                                                                                      File Version Minor:0
                                                                                                                                                                                                                                      Subsystem Version Major:6
                                                                                                                                                                                                                                      Subsystem Version Minor:0
                                                                                                                                                                                                                                      Import Hash:96d90e8808da099bc17e050394f447e7
                                                                                                                                                                                                                                      Signature Valid:
                                                                                                                                                                                                                                      Signature Issuer:
                                                                                                                                                                                                                                      Signature Validation Error:
                                                                                                                                                                                                                                      Error Number:
                                                                                                                                                                                                                                      Not Before, Not After
                                                                                                                                                                                                                                        Subject Chain
                                                                                                                                                                                                                                          Version:
                                                                                                                                                                                                                                          Thumbprint MD5:
                                                                                                                                                                                                                                          Thumbprint SHA-1:
                                                                                                                                                                                                                                          Thumbprint SHA-256:
                                                                                                                                                                                                                                          Serial:
                                                                                                                                                                                                                                          Instruction
                                                                                                                                                                                                                                          call 00007F5C89424EEAh
                                                                                                                                                                                                                                          jmp 00007F5C89424D4Dh
                                                                                                                                                                                                                                          mov ecx, dword ptr [0043B680h]
                                                                                                                                                                                                                                          push esi
                                                                                                                                                                                                                                          push edi
                                                                                                                                                                                                                                          mov edi, BB40E64Eh
                                                                                                                                                                                                                                          mov esi, FFFF0000h
                                                                                                                                                                                                                                          cmp ecx, edi
                                                                                                                                                                                                                                          je 00007F5C89424EE6h
                                                                                                                                                                                                                                          test esi, ecx
                                                                                                                                                                                                                                          jne 00007F5C89424F08h
                                                                                                                                                                                                                                          call 00007F5C89424F11h
                                                                                                                                                                                                                                          mov ecx, eax
                                                                                                                                                                                                                                          cmp ecx, edi
                                                                                                                                                                                                                                          jne 00007F5C89424EE9h
                                                                                                                                                                                                                                          mov ecx, BB40E64Fh
                                                                                                                                                                                                                                          jmp 00007F5C89424EF0h
                                                                                                                                                                                                                                          test esi, ecx
                                                                                                                                                                                                                                          jne 00007F5C89424EECh
                                                                                                                                                                                                                                          or eax, 00004711h
                                                                                                                                                                                                                                          shl eax, 10h
                                                                                                                                                                                                                                          or ecx, eax
                                                                                                                                                                                                                                          mov dword ptr [0043B680h], ecx
                                                                                                                                                                                                                                          not ecx
                                                                                                                                                                                                                                          pop edi
                                                                                                                                                                                                                                          mov dword ptr [0043B6C0h], ecx
                                                                                                                                                                                                                                          pop esi
                                                                                                                                                                                                                                          ret
                                                                                                                                                                                                                                          push ebp
                                                                                                                                                                                                                                          mov ebp, esp
                                                                                                                                                                                                                                          sub esp, 14h
                                                                                                                                                                                                                                          lea eax, dword ptr [ebp-0Ch]
                                                                                                                                                                                                                                          xorps xmm0, xmm0
                                                                                                                                                                                                                                          push eax
                                                                                                                                                                                                                                          movlpd qword ptr [ebp-0Ch], xmm0
                                                                                                                                                                                                                                          call dword ptr [00436D00h]
                                                                                                                                                                                                                                          mov eax, dword ptr [ebp-08h]
                                                                                                                                                                                                                                          xor eax, dword ptr [ebp-0Ch]
                                                                                                                                                                                                                                          mov dword ptr [ebp-04h], eax
                                                                                                                                                                                                                                          call dword ptr [00436CB8h]
                                                                                                                                                                                                                                          xor dword ptr [ebp-04h], eax
                                                                                                                                                                                                                                          call dword ptr [00436CB4h]
                                                                                                                                                                                                                                          xor dword ptr [ebp-04h], eax
                                                                                                                                                                                                                                          lea eax, dword ptr [ebp-14h]
                                                                                                                                                                                                                                          push eax
                                                                                                                                                                                                                                          call dword ptr [00436D50h]
                                                                                                                                                                                                                                          mov eax, dword ptr [ebp-10h]
                                                                                                                                                                                                                                          lea ecx, dword ptr [ebp-04h]
                                                                                                                                                                                                                                          xor eax, dword ptr [ebp-14h]
                                                                                                                                                                                                                                          xor eax, dword ptr [ebp-04h]
                                                                                                                                                                                                                                          xor eax, ecx
                                                                                                                                                                                                                                          leave
                                                                                                                                                                                                                                          ret
                                                                                                                                                                                                                                          mov eax, 00004000h
                                                                                                                                                                                                                                          ret
                                                                                                                                                                                                                                          push 0043CF48h
                                                                                                                                                                                                                                          call dword ptr [00436D28h]
                                                                                                                                                                                                                                          ret
                                                                                                                                                                                                                                          push 00030000h
                                                                                                                                                                                                                                          push 00010000h
                                                                                                                                                                                                                                          push 00000000h
                                                                                                                                                                                                                                          call 00007F5C8942BCC3h
                                                                                                                                                                                                                                          add esp, 0Ch
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x36a7c | 0x3c | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x8f000 | 0x4284 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x89c00 | 0x2628 | .bss
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x3f000 | 0x2744 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x32608 | 0x18 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x2ea98 | 0xc0 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x36c3c | 0x184 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x2b4ca | 0x2b600 | ebf84c6b836020b1a66433a898baeab7 | False | 0.5443702719740634 | data | 6.596404756541432 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x2d000 | 0xc50c | 0xc600 | 96e76e7ef084461591b1dcd4c2131f05 | False | 0.40260022095959597 | data | 4.741850626178578 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x3a000 | 0x3714 | 0x2800 | d87fd4546a2b39263a028b496b33108f | False | 0.29814453125 | data | 5.024681407682101 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.tls | 0x3e000 | 0x9 | 0x200 | 1f354d76203061bfdd5a53dae48d5435 | False | 0.033203125 | data | 0.020393135236084953 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.reloc | 0x3f000 | 0x2744 | 0x2800 | c7508b57e36483307c47b7dd73fc0c85 | False | 0.75166015625 | data | 6.531416896423856 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
.bss | 0x42000 | 0x4c400 | 0x4c400 | aa329b78b04dd05f5083c0e92bab95c9 | False | 1.0003393954918032 | data | 7.999363295829706 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x8f000 | 0x4284 | 0x4400 | 573fd821fa82f273bc00b41f87649450 | False | 0.9294577205882353 | data | 7.7267577156155784 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x8f16c | 0x3d60 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.9851705702647657
RT_GROUP_ICON | 0x92ecc | 0x14 | data | | | 1.05
RT_VERSION | 0x92ee0 | 0x3a4 | data | English | United States | 0.44849785407725323
DLL | Import
KERNEL32.dll | AcquireSRWLockExclusive, CloseHandle, CloseThreadpoolWork, CompareStringW, CreateFileW, CreateThread, CreateThreadpoolWork, DecodePointer, DeleteCriticalSection, EncodePointer, EnterCriticalSection, EnumSystemLocalesW, ExitProcess, ExitThread, FindClose, FindFirstFileExW, FindNextFileW, FlushFileBuffers, FreeEnvironmentStringsW, FreeLibrary, FreeLibraryAndExitThread, FreeLibraryWhenCallbackReturns, GetACP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetConsoleMode, GetConsoleOutputCP, GetConsoleWindow, GetCurrentProcess, GetCurrentProcessId, GetCurrentThreadId, GetEnvironmentStringsW, GetExitCodeThread, GetFileSize, GetFileSizeEx, GetFileType, GetLastError, GetLocaleInfoW, GetModuleFileNameW, GetModuleHandleA, GetModuleHandleExW, GetModuleHandleW, GetOEMCP, GetProcAddress, GetProcessHeap, GetStartupInfoW, GetStdHandle, GetStringTypeW, GetSystemTimeAsFileTime, GetUserDefaultLCID, HeapAlloc, HeapFree, HeapReAlloc, HeapSize, InitOnceBeginInitialize, InitOnceComplete, InitializeCriticalSectionAndSpinCount, InitializeCriticalSectionEx, InitializeSListHead, IsDebuggerPresent, IsProcessorFeaturePresent, IsValidCodePage, IsValidLocale, LCMapStringEx, LCMapStringW, LeaveCriticalSection, LoadLibraryExW, MultiByteToWideChar, QueryPerformanceCounter, RaiseException, ReadConsoleW, ReadFile, ReleaseSRWLockExclusive, RtlUnwind, SetEnvironmentVariableW, SetFilePointerEx, SetLastError, SetStdHandle, SetUnhandledExceptionFilter, SleepConditionVariableSRW, SubmitThreadpoolWork, TerminateProcess, TlsAlloc, TlsFree, TlsGetValue, TlsSetValue, TryAcquireSRWLockExclusive, UnhandledExceptionFilter, WaitForSingleObjectEx, WakeAllConditionVariable, WideCharToMultiByte, WriteConsoleW, WriteFile
USER32.dll | ShowWindow
Language of compilation system | Country where language is spoken | Map
English | United States |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-28T22:04:25.580278+0100 | 2058212 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bellflamre .click) | 1 | 192.168.2.4 | 57277 | 1.1.1.1 | 53 | UDP
2024-12-28T22:04:25.816923+0100 | 2058584 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (prisonyfork .buzz) | 1 | 192.168.2.4 | 65153 | 1.1.1.1 | 53 | UDP
2024-12-28T22:04:26.036008+0100 | 2058586 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (rebuildeso .buzz) | 1 | 192.168.2.4 | 52835 | 1.1.1.1 | 53 | UDP
2024-12-28T22:04:26.265858+0100 | 2058588 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (scentniej .buzz) | 1 | 192.168.2.4 | 60362 | 1.1.1.1 | 53 | UDP
2024-12-28T22:04:26.540857+0100 | 2058580 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (inherineau .buzz) | 1 | 192.168.2.4 | 62739 | 1.1.1.1 | 53 | UDP
2024-12-28T22:04:26.770947+0100 | 2058590 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (screwamusresz .buzz) | 1 | 192.168.2.4 | 59004 | 1.1.1.1 | 53 | UDP
2024-12-28T22:04:27.056657+0100 | 2058572 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (appliacnesot .buzz) | 1 | 192.168.2.4 | 56101 | 1.1.1.1 | 53 | UDP
2024-12-28T22:04:27.287632+0100 | 2058576 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (cashfuzysao .buzz) | 1 | 192.168.2.4 | 62404 | 1.1.1.1 | 53 | UDP
2024-12-28T22:04:27.558459+0100 | 2058578 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (hummskitnj .buzz) | 1 | 192.168.2.4 | 59981 | 1.1.1.1 | 53 | UDP
2024-12-28T22:04:29.455229+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49730 | 104.121.10.34 | 443 | TCP
2024-12-28T22:04:30.363659+0100 | 2858666 | ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup | 1 | 192.168.2.4 | 49730 | 104.121.10.34 | 443 | TCP
2024-12-28T22:04:32.056310+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49731 | 104.21.66.86 | 443 | TCP
2024-12-28T22:04:32.804055+0100 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.4 | 49731 | 104.21.66.86 | 443 | TCP
2024-12-28T22:04:32.804055+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.4 | 49731 | 104.21.66.86 | 443 | TCP
2024-12-28T22:04:33.556119+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49732 | 104.21.66.86 | 443 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                          Dec 28, 2024 22:04:30.500757933 CET49730443192.168.2.4104.121.10.34
                                                                                                                                                                                                                                          Dec 28, 2024 22:04:30.500773907 CET44349730104.121.10.34192.168.2.4
                                                                                                                                                                                                                                          Dec 28, 2024 22:04:30.840311050 CET49731443192.168.2.4104.21.66.86
                                                                                                                                                                                                                                          Dec 28, 2024 22:04:30.840370893 CET44349731104.21.66.86192.168.2.4
                                                                                                                                                                                                                                          Dec 28, 2024 22:04:30.840478897 CET49731443192.168.2.4104.21.66.86
                                                                                                                                                                                                                                          Dec 28, 2024 22:04:30.840802908 CET49731443192.168.2.4104.21.66.86
                                                                                                                                                                                                                                          Dec 28, 2024 22:04:30.840820074 CET44349731104.21.66.86192.168.2.4
                                                                                                                                                                                                                                          Dec 28, 2024 22:04:32.056201935 CET44349731104.21.66.86192.168.2.4
                                                                                                                                                                                                                                          Dec 28, 2024 22:04:32.056309938 CET49731443192.168.2.4104.21.66.86
                                                                                                                                                                                                                                          Dec 28, 2024 22:04:32.060117960 CET49731443192.168.2.4104.21.66.86
                                                                                                                                                                                                                                          Dec 28, 2024 22:04:32.060127020 CET44349731104.21.66.86192.168.2.4
                                                                                                                                                                                                                                          Dec 28, 2024 22:04:32.060502052 CET44349731104.21.66.86192.168.2.4
                                                                                                                                                                                                                                          Dec 28, 2024 22:04:32.061717987 CET49731443192.168.2.4104.21.66.86
                                                                                                                                                                                                                                          Dec 28, 2024 22:04:32.061747074 CET49731443192.168.2.4104.21.66.86
                                                                                                                                                                                                                                          Dec 28, 2024 22:04:32.061789989 CET44349731104.21.66.86192.168.2.4
                                                                                                                                                                                                                                          Dec 28, 2024 22:04:32.804030895 CET44349731104.21.66.86192.168.2.4
                                                                                                                                                                                                                                          Dec 28, 2024 22:04:32.804145098 CET44349731104.21.66.86192.168.2.4
                                                                                                                                                                                                                                          Dec 28, 2024 22:04:32.804295063 CET49731443192.168.2.4104.21.66.86
                                                                                                                                                                                                                                          Dec 28, 2024 22:04:32.804398060 CET49731443192.168.2.4104.21.66.86
                                                                                                                                                                                                                                          Dec 28, 2024 22:04:32.804423094 CET44349731104.21.66.86192.168.2.4
                                                                                                                                                                                                                                          Dec 28, 2024 22:04:32.804438114 CET49731443192.168.2.4104.21.66.86
                                                                                                                                                                                                                                          Dec 28, 2024 22:04:32.804446936 CET44349731104.21.66.86192.168.2.4
                                                                                                                                                                                                                                          Dec 28, 2024 22:04:32.825097084 CET49732443192.168.2.4104.21.66.86
                                                                                                                                                                                                                                          Dec 28, 2024 22:04:32.825145006 CET44349732104.21.66.86192.168.2.4
                                                                                                                                                                                                                                          Dec 28, 2024 22:04:32.825223923 CET49732443192.168.2.4104.21.66.86
                                                                                                                                                                                                                                          Dec 28, 2024 22:04:32.825509071 CET49732443192.168.2.4104.21.66.86
                                                                                                                                                                                                                                          Dec 28, 2024 22:04:32.825522900 CET44349732104.21.66.86192.168.2.4
                                                                                                                                                                                                                                          Dec 28, 2024 22:04:33.556118965 CET49732443192.168.2.4104.21.66.86
                                                                                                                                                                                                                                          TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                                                          Dec 28, 2024 22:04:25.580277920 CET5727753192.168.2.41.1.1.1
                                                                                                                                                                                                                                          Dec 28, 2024 22:04:25.811878920 CET53572771.1.1.1192.168.2.4
                                                                                                                                                                                                                                          Dec 28, 2024 22:04:25.816922903 CET6515353192.168.2.41.1.1.1
                                                                                                                                                                                                                                          Dec 28, 2024 22:04:26.033268929 CET53651531.1.1.1192.168.2.4
                                                                                                                                                                                                                                          Dec 28, 2024 22:04:26.036007881 CET5283553192.168.2.41.1.1.1
                                                                                                                                                                                                                                          Dec 28, 2024 22:04:26.262846947 CET53528351.1.1.1192.168.2.4
                                                                                                                                                                                                                                          Dec 28, 2024 22:04:26.265857935 CET6036253192.168.2.41.1.1.1
                                                                                                                                                                                                                                          Dec 28, 2024 22:04:26.538028002 CET53603621.1.1.1192.168.2.4
                                                                                                                                                                                                                                          Dec 28, 2024 22:04:26.540857077 CET6273953192.168.2.41.1.1.1
                                                                                                                                                                                                                                          Dec 28, 2024 22:04:26.767765999 CET53627391.1.1.1192.168.2.4
                                                                                                                                                                                                                                          Dec 28, 2024 22:04:26.770946980 CET5900453192.168.2.41.1.1.1
                                                                                                                                                                                                                                          Dec 28, 2024 22:04:27.054801941 CET53590041.1.1.1192.168.2.4
                                                                                                                                                                                                                                          Dec 28, 2024 22:04:27.056657076 CET5610153192.168.2.41.1.1.1
                                                                                                                                                                                                                                          Dec 28, 2024 22:04:27.279997110 CET53561011.1.1.1192.168.2.4
                                                                                                                                                                                                                                          Dec 28, 2024 22:04:27.287631989 CET6240453192.168.2.41.1.1.1
                                                                                                                                                                                                                                          Dec 28, 2024 22:04:27.520261049 CET53624041.1.1.1192.168.2.4
                                                                                                                                                                                                                                          Dec 28, 2024 22:04:27.558459044 CET5998153192.168.2.41.1.1.1
                                                                                                                                                                                                                                          Dec 28, 2024 22:04:27.868031979 CET53599811.1.1.1192.168.2.4
                                                                                                                                                                                                                                          Dec 28, 2024 22:04:27.871371984 CET5026753192.168.2.41.1.1.1
                                                                                                                                                                                                                                          Dec 28, 2024 22:04:28.008419037 CET53502671.1.1.1192.168.2.4
                                                                                                                                                                                                                                          Dec 28, 2024 22:04:30.515786886 CET5091453192.168.2.41.1.1.1
                                                                                                                                                                                                                                          Dec 28, 2024 22:04:30.839235067 CET53509141.1.1.1192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 28, 2024 22:04:25.580277920 CET | 192.168.2.4 | 1.1.1.1 | 0xbb28 | Standard query (0) | bellflamre.click | A (IP address) | IN (0x0001) | false
Dec 28, 2024 22:04:25.816922903 CET | 192.168.2.4 | 1.1.1.1 | 0x5c6 | Standard query (0) | prisonyfork.buzz | A (IP address) | IN (0x0001) | false
Dec 28, 2024 22:04:26.036007881 CET | 192.168.2.4 | 1.1.1.1 | 0xbbbd | Standard query (0) | rebuildeso.buzz | A (IP address) | IN (0x0001) | false
Dec 28, 2024 22:04:26.265857935 CET | 192.168.2.4 | 1.1.1.1 | 0x8954 | Standard query (0) | scentniej.buzz | A (IP address) | IN (0x0001) | false
Dec 28, 2024 22:04:26.540857077 CET | 192.168.2.4 | 1.1.1.1 | 0x27bb | Standard query (0) | inherineau.buzz | A (IP address) | IN (0x0001) | false
Dec 28, 2024 22:04:26.770946980 CET | 192.168.2.4 | 1.1.1.1 | 0xd4a7 | Standard query (0) | screwamusresz.buzz | A (IP address) | IN (0x0001) | false
Dec 28, 2024 22:04:27.056657076 CET | 192.168.2.4 | 1.1.1.1 | 0x9a14 | Standard query (0) | appliacnesot.buzz | A (IP address) | IN (0x0001) | false
Dec 28, 2024 22:04:27.287631989 CET | 192.168.2.4 | 1.1.1.1 | 0x98c | Standard query (0) | cashfuzysao.buzz | A (IP address) | IN (0x0001) | false
Dec 28, 2024 22:04:27.558459044 CET | 192.168.2.4 | 1.1.1.1 | 0x7fa1 | Standard query (0) | hummskitnj.buzz | A (IP address) | IN (0x0001) | false
Dec 28, 2024 22:04:27.871371984 CET | 192.168.2.4 | 1.1.1.1 | 0xb625 | Standard query (0) | steamcommunity.com | A (IP address) | IN (0x0001) | false
Dec 28, 2024 22:04:30.515786886 CET | 192.168.2.4 | 1.1.1.1 | 0x785f | Standard query (0) | lev-tolstoi.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 28, 2024 22:04:25.811878920 CET | 1.1.1.1 | 192.168.2.4 | 0xbb28 | Name error (3) | bellflamre.click | none | none | A (IP address) | IN (0x0001) | false
Dec 28, 2024 22:04:26.033268929 CET | 1.1.1.1 | 192.168.2.4 | 0x5c6 | Name error (3) | prisonyfork.buzz | none | none | A (IP address) | IN (0x0001) | false
Dec 28, 2024 22:04:26.262846947 CET | 1.1.1.1 | 192.168.2.4 | 0xbbbd | Name error (3) | rebuildeso.buzz | none | none | A (IP address) | IN (0x0001) | false
Dec 28, 2024 22:04:26.538028002 CET | 1.1.1.1 | 192.168.2.4 | 0x8954 | Name error (3) | scentniej.buzz | none | none | A (IP address) | IN (0x0001) | false
Dec 28, 2024 22:04:26.767765999 CET | 1.1.1.1 | 192.168.2.4 | 0x27bb | Name error (3) | inherineau.buzz | none | none | A (IP address) | IN (0x0001) | false
Dec 28, 2024 22:04:27.054801941 CET | 1.1.1.1 | 192.168.2.4 | 0xd4a7 | Name error (3) | screwamusresz.buzz | none | none | A (IP address) | IN (0x0001) | false
Dec 28, 2024 22:04:27.279997110 CET | 1.1.1.1 | 192.168.2.4 | 0x9a14 | Name error (3) | appliacnesot.buzz | none | none | A (IP address) | IN (0x0001) | false
Dec 28, 2024 22:04:27.520261049 CET | 1.1.1.1 | 192.168.2.4 | 0x98c | Name error (3) | cashfuzysao.buzz | none | none | A (IP address) | IN (0x0001) | false
Dec 28, 2024 22:04:27.868031979 CET | 1.1.1.1 | 192.168.2.4 | 0x7fa1 | Name error (3) | hummskitnj.buzz | none | none | A (IP address) | IN (0x0001) | false
Dec 28, 2024 22:04:28.008419037 CET | 1.1.1.1 | 192.168.2.4 | 0xb625 | No error (0) | steamcommunity.com | | 104.121.10.34 | A (IP address) | IN (0x0001) | false
Dec 28, 2024 22:04:30.839235067 CET | 1.1.1.1 | 192.168.2.4 | 0x785f | No error (0) | lev-tolstoi.com | | 104.21.66.86 | A (IP address) | IN (0x0001) | false
Dec 28, 2024 22:04:30.839235067 CET | 1.1.1.1 | 192.168.2.4 | 0x785f | No error (0) | lev-tolstoi.com | | 172.67.157.254 | A (IP address) | IN (0x0001) | false
                                                                                                                                                                                                                                          • steamcommunity.com
                                                                                                                                                                                                                                          • lev-tolstoi.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49730 | 104.121.10.34 | 443 | 4464 | C:\Users\user\Desktop\Crosshair-X.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-28 21:04:29 UTC | 219 | OUT | GET /profiles/76561199724331900 HTTP/1.1
                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                          Host: steamcommunity.com
2024-12-28 21:04:30 UTC | 1905 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                          Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED]
                                                                                                                                                                                                                                          Expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                          Date: Sat, 28 Dec 2024 21:04:30 GMT
                                                                                                                                                                                                                                          Content-Length: 35121
                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                          Set-Cookie: sessionid=01822199e6c2252921d66452; Path=/; Secure; SameSite=None
                                                                                                                                                                                                                                          Set-Cookie: steamCountry=US%7C185ce35c568ebbb18a145d0cabae7186; Path=/; Secure; HttpOnly; SameSite=None
2024-12-28 21:04:30 UTC | 14479 | IN | Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><title>
2024-12-28 21:04:30 UTC | 16384 | IN | Data Ascii: .com/?subsection=broadcasts">Broadcasts</a></div><a class="menuitem " href="https://store.steampowered.com/about/">About</a><a class="menuitem " href="https://help.steampowered.com/en/">SUPPORT
2024-12-28 21:04:30 UTC | 3768 | IN | Data Ascii: </div><div class="profile_header_actions"></div></div><div class="profile_header_summary"><div class="persona_name persona_name_spacer" style="font-size: 24px;"><span class="actual_persona_name"
2024-12-28 21:04:30 UTC | 490 | IN | Data Ascii: r Agreement</a> &nbsp;| &nbsp;<a href="http://store.steampowered.com/account/cookiepreferences/" target="_blank">Cookies</a></span></span></div><div class="responsive_optin_link"><div class="bt


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49731 | 104.21.66.86 | 443 | 4464 | C:\Users\user\Desktop\Crosshair-X.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-28 21:04:32 UTC | 262 | OUT | POST /api HTTP/1.1
                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                          Content-Length: 8
                                                                                                                                                                                                                                          Host: lev-tolstoi.com
2024-12-28 21:04:32 UTC | 8 | OUT | Data Raw: 61 63 74 3d 6c 69 66 65
                                                                                                                                                                                                                                          Data Ascii: act=life
2024-12-28 21:04:32 UTC | 1128 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                          Date: Sat, 28 Dec 2024 21:04:32 GMT
                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                          Set-Cookie: PHPSESSID=6p99rq68ovs6pfen7ul0hjtkjf; expires=Wed, 23 Apr 2025 14:51:11 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                          Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                          X-Frame-Options: DENY
                                                                                                                                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                          X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                          vary: accept-encoding
                                                                                                                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2B9x7aFf5t1S5Cgaq0oXqAFRwglJmEEC9l8KBR52E9xcBDW3EIqqamIfw%2BNxwgBM0qXu%2F40IPu5l4aU8ep0C%2Bhu7pgGGOlv4DXuz0GHSPvccUxf5Q4yl3O5W%2Fy6o8vvAK760%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                          Server: cloudflare
                                                                                                                                                                                                                                          CF-RAY: 8f9480da1cf443bf-EWR
                                                                                                                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=2183&min_rtt=1576&rtt_var=1024&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2834&recv_bytes=906&delivery_rate=1852791&cwnd=252&unsent_bytes=0&cid=e47bf10a746fd14a&ts=759&x=0"
2024-12-28 21:04:32 UTC | 7 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                                                                                                                                                                                          Data Ascii: 2ok
2024-12-28 21:04:32 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                          Data Ascii: 0


                                                                                                                                                                                                                                          Target ID:0
                                                                                                                                                                                                                                          Start time:16:04:21
                                                                                                                                                                                                                                          Start date:28/12/2024
                                                                                                                                                                                                                                          Path:C:\Users\user\Desktop\Crosshair-X.exe
                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                          Commandline:"C:\Users\user\Desktop\Crosshair-X.exe"
                                                                                                                                                                                                                                          Imagebase:0x840000
                                                                                                                                                                                                                                          File size:100'205'096 bytes
                                                                                                                                                                                                                                          MD5 hash:FFC5DBF6966DD3383FAEED15EAFEEEE9
                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                          Target ID:1
                                                                                                                                                                                                                                          Start time:16:04:21
                                                                                                                                                                                                                                          Start date:28/12/2024
                                                                                                                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                          Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                          File size:862'208 bytes
                                                                                                                                                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                          Target ID:2
                                                                                                                                                                                                                                          Start time:16:04:23
                                                                                                                                                                                                                                          Start date:28/12/2024
                                                                                                                                                                                                                                          Path:C:\Users\user\Desktop\Crosshair-X.exe
                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                          Commandline:"C:\Users\user\Desktop\Crosshair-X.exe"
                                                                                                                                                                                                                                          Imagebase:0x840000
                                                                                                                                                                                                                                          File size:100'205'096 bytes
                                                                                                                                                                                                                                          MD5 hash:FFC5DBF6966DD3383FAEED15EAFEEEE9
                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                            Execution Graph

                                                                                                                                                                                                                                            Execution Coverage:6.5%
                                                                                                                                                                                                                                            Dynamic/Decrypted Code Coverage:0.4%
                                                                                                                                                                                                                                            Signature Coverage:4.8%
                                                                                                                                                                                                                                            Total number of Nodes:2000
                                                                                                                                                                                                                                            Total number of Limit Nodes:29
85ff4c 20025->20026 20027 860019 20025->20027 20061 86029b 20026->20061 20027->20024 20030 86029b __Getctype 14 API calls 20031 85ff5f 20030->20031 20032 86029b __Getctype 14 API calls 20031->20032 20033 85ff6a 20032->20033 20034 86029b __Getctype 14 API calls 20033->20034 20063 8602ad 20061->20063 20062 85ff54 20062->20030 20063->20062 20064 85bed7 ___free_lconv_mon 14 API calls 20063->20064 20064->20063 20065->19950 20066 8415d0 20077 841e40 20066->20077 20068 841702 _AnonymousOriginator 20070 8416dd 20070->20068 20118 857ddf 20070->20118 20074 8415db 20074->20070 20083 844320 20074->20083 20096 841750 20074->20096 20110 841d10 20074->20110 20078 841e63 _Fputc 20077->20078 20123 853558 20078->20123 20080 841e7c 20130 84a6e1 20080->20130 20082 841e8c 20082->20074 20084 844364 20083->20084 20085 84444e 20083->20085 20087 8443a5 20084->20087 20088 84437e 20084->20088 20092 844393 _Yarn 20084->20092 20892 842610 20085->20892 20089 84a663 std::ios_base::_Init 3 API calls 20087->20089 20088->20085 20091 84438a 20088->20091 20089->20092 20090 857ddf std::_Throw_Cpp_error 29 API calls 20093 844458 20090->20093 20881 84a663 20091->20881 20092->20090 20095 844424 _AnonymousOriginator 20092->20095 20095->20074 20097 841788 _strlen 20096->20097 20100 84180d 20097->20100 20101 841833 20097->20101 20935 842c50 20097->20935 20103 841b8e 20100->20103 20106 85060c Concurrency::cancel_current_task RaiseException 20100->20106 20953 842f00 20100->20953 20961 8432c0 20100->20961 20101->20100 20909 844460 20101->20909 20104 841b9f 20103->20104 20945 8438e0 20103->20945 20104->20074 20106->20100 20108 84188d 20108->20100 20926 84def0 20108->20926 20111 841d5c 20110->20111 20112 844460 67 API calls 20111->20112 20113 841d70 20112->20113 21590 844b10 20113->21590 20116 842c50 39 API calls 20117 841deb 20116->20117 20117->20074 20119 85801e __strnicoll 29 API calls 20118->20119 20120 857dee 20119->20120 20121 857dfc __Getctype 11 API calls 20120->20121 20122 857dfb 20121->20122 20124 
85356c _Fputc 20123->20124 20125 85358e 20124->20125 20126 8535b5 20124->20126 20145 857f78 20125->20145 20137 854d0d 20126->20137 20129 8535a9 _Fputc 20129->20080 20131 84a6e9 20130->20131 20132 84a6ea IsProcessorFeaturePresent 20130->20132 20131->20082 20134 84f447 20132->20134 20880 84f52d SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 20134->20880 20136 84f52a 20136->20082 20138 854d19 ___scrt_is_nonwritable_in_current_image 20137->20138 20154 853315 EnterCriticalSection 20138->20154 20140 854d27 20155 8546e2 20140->20155 20146 857f8f 20145->20146 20147 857f88 20145->20147 20151 857f9d 20146->20151 20855 857ff5 20146->20855 20851 8537f0 GetLastError 20147->20851 20150 857fc4 20150->20151 20152 857dfc __Getctype 11 API calls 20150->20152 20151->20129 20153 857ff4 20152->20153 20154->20140 20169 85e68b 20155->20169 20157 854709 20176 853b31 20157->20176 20164 84a6e1 __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 20165 85477c 20164->20165 20166 854d5c 20165->20166 20850 853329 LeaveCriticalSection 20166->20850 20168 854d45 20168->20129 20199 85e736 20169->20199 20171 85e6fe 20171->20157 20172 85e69c _Fputc 20172->20171 20206 85bf11 20172->20206 20175 85bed7 ___free_lconv_mon 14 API calls 20175->20171 20236 853a93 20176->20236 20179 853b57 20180 857f78 _Fputc 29 API calls 20179->20180 20181 853b74 20180->20181 20192 853861 20181->20192 20186 8539f2 66 API calls 20187 853b7f std::_Locinfo::_Locinfo_dtor 20186->20187 20187->20181 20187->20186 20188 853d73 20187->20188 20242 853790 20187->20242 20248 853de1 20187->20248 20251 853e59 20187->20251 20291 853fb2 20187->20291 20189 857f78 _Fputc 29 API calls 20188->20189 20190 853d8d 20189->20190 20191 857f78 _Fputc 29 API calls 20190->20191 20191->20181 20193 85bed7 ___free_lconv_mon 14 API calls 20192->20193 20194 853871 20193->20194 20195 85e774 20194->20195 20196 85e77f 20195->20196 20198 85476a 
20195->20198 20196->20198 20744 8585b8 20196->20744 20198->20164 20200 85e742 _Fputc 20199->20200 20201 85e76c 20200->20201 20213 85f704 20200->20213 20201->20172 20203 85e75d 20220 86744f 20203->20220 20205 85e763 20205->20172 20207 85bf4f 20206->20207 20212 85bf1f __Getctype 20206->20212 20208 8576e4 __strnicoll 14 API calls 20207->20208 20210 85bf4d 20208->20210 20209 85bf3a RtlAllocateHeap 20209->20210 20209->20212 20210->20175 20211 855877 std::ios_base::_Init 2 API calls 20211->20212 20212->20207 20212->20209 20212->20211 20214 85f725 20213->20214 20215 85f710 20213->20215 20214->20203 20216 8576e4 __strnicoll 14 API calls 20215->20216 20217 85f715 20216->20217 20229 857dcf 20217->20229 20221 86745c 20220->20221 20222 867469 20220->20222 20223 8576e4 __strnicoll 14 API calls 20221->20223 20225 867475 20222->20225 20226 8576e4 __strnicoll 14 API calls 20222->20226 20224 867461 20223->20224 20224->20205 20225->20205 20227 867496 20226->20227 20228 857dcf __strnicoll 29 API calls 20227->20228 20228->20224 20232 85801e 20229->20232 20231 857ddb 20231->20203 20233 858030 _Fputc 20232->20233 20234 857f78 _Fputc 29 API calls 20233->20234 20235 858048 _Fputc 20234->20235 20235->20231 20237 853ac0 20236->20237 20238 853a9e 20236->20238 20326 8535fc 20237->20326 20239 857f78 _Fputc 29 API calls 20238->20239 20241 853ab9 20239->20241 20241->20179 20241->20181 20241->20187 20243 8537a0 20242->20243 20334 85c7a8 20243->20334 20444 854dda 20248->20444 20250 853e1c 20250->20187 20252 853e77 20251->20252 20253 853e60 20251->20253 20256 857f78 _Fputc 29 API calls 20252->20256 20262 853eb6 20252->20262 20254 853fd6 20253->20254 20255 854042 20253->20255 20253->20262 20257 853fdc 20254->20257 20258 85406a 20254->20258 20260 854047 20255->20260 20261 854081 20255->20261 20259 853eab 20256->20259 20271 853fe1 20257->20271 20272 854037 20257->20272 20492 854b80 20258->20492 20259->20187 20263 854049 20260->20263 20264 854078 20260->20264 20265 854086 20261->20265 20266 8540a0 
20261->20266 20262->20187 20268 853ff0 20263->20268 20276 854058 20263->20276 20499 8545ef 20264->20499 20265->20258 20265->20272 20284 854009 20265->20284 20503 85460c 20266->20503 20286 8540ab 20268->20286 20467 85445e 20268->20467 20271->20268 20274 85401c 20271->20274 20271->20284 20272->20286 20481 854866 20272->20481 20274->20286 20477 8542f4 20274->20477 20276->20258 20278 85405c 20276->20278 20278->20286 20488 854622 20278->20488 20279 84a6e1 __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 20280 8542f2 20279->20280 20280->20187 20283 8541ac 20285 853acb 66 API calls 20283->20285 20288 85421f 20283->20288 20284->20283 20284->20286 20506 853acb 20284->20506 20285->20283 20286->20279 20290 854284 20288->20290 20510 85f430 20288->20510 20289 853acb 66 API calls 20289->20290 20290->20286 20290->20289 20292 853fd6 20291->20292 20293 854042 20291->20293 20294 853fdc 20292->20294 20295 85406a 20292->20295 20296 854047 20293->20296 20297 854081 20293->20297 20306 853fe1 20294->20306 20307 854037 20294->20307 20303 854b80 30 API calls 20295->20303 20298 854049 20296->20298 20299 854078 20296->20299 20300 854086 20297->20300 20301 8540a0 20297->20301 20305 853ff0 20298->20305 20310 854058 20298->20310 20304 8545ef 30 API calls 20299->20304 20300->20295 20300->20307 20319 854009 20300->20319 20302 85460c 30 API calls 20301->20302 20302->20319 20303->20319 20304->20319 20308 85445e 42 API calls 20305->20308 20321 8540ab 20305->20321 20306->20305 20309 85401c 20306->20309 20306->20319 20311 854866 30 API calls 20307->20311 20307->20321 20308->20319 20313 8542f4 41 API calls 20309->20313 20309->20321 20310->20295 20312 85405c 20310->20312 20311->20319 20316 854622 29 API calls 20312->20316 20312->20321 20313->20319 20314 84a6e1 __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 20315 8542f2 20314->20315 20315->20187 
20316->20319 20317 853acb 66 API calls 20317->20319 20318 8541ac 20320 853acb 66 API calls 20318->20320 20323 85421f 20318->20323 20319->20317 20319->20318 20319->20321 20320->20318 20321->20314 20322 85f430 _Fputc 41 API calls 20322->20323 20323->20322 20325 854284 20323->20325 20324 853acb 66 API calls 20324->20325 20325->20321 20325->20324 20327 853610 20326->20327 20328 85367a 20326->20328 20329 85f704 __fread_nolock 29 API calls 20327->20329 20328->20241 20330 853617 20329->20330 20330->20328 20331 8576e4 __strnicoll 14 API calls 20330->20331 20332 85366f 20331->20332 20333 857dcf __strnicoll 29 API calls 20332->20333 20333->20328 20335 85c7bf 20334->20335 20337 8537bd 20334->20337 20335->20337 20342 8608a5 20335->20342 20338 85c7d9 20337->20338 20339 8537ca 20338->20339 20340 85c7f0 20338->20340 20339->20187 20340->20339 20441 85db02 20340->20441 20343 8608b1 ___scrt_is_nonwritable_in_current_image 20342->20343 20355 85c16a GetLastError 20343->20355 20346 860900 20346->20337 20348 8608d8 20383 860926 20348->20383 20356 85c180 20355->20356 20360 85c186 20355->20360 20357 85cb94 __Getctype 6 API calls 20356->20357 20357->20360 20358 85cbd3 __Getctype 6 API calls 20359 85c1a2 20358->20359 20362 85d2b4 __Getctype 14 API calls 20359->20362 20379 85c18a SetLastError 20359->20379 20360->20358 20360->20379 20363 85c1b7 20362->20363 20366 85c1d0 20363->20366 20367 85c1bf 20363->20367 20364 85c21f 20368 858353 CallUnexpected 37 API calls 20364->20368 20365 85c21a 20365->20346 20382 8580e1 EnterCriticalSection 20365->20382 20370 85cbd3 __Getctype 6 API calls 20366->20370 20369 85cbd3 __Getctype 6 API calls 20367->20369 20371 85c224 20368->20371 20372 85c1cd 20369->20372 20373 85c1dc 20370->20373 20378 85bed7 ___free_lconv_mon 14 API calls 20372->20378 20374 85c1f7 20373->20374 20375 85c1e0 20373->20375 20376 85c47c __Getctype 14 API calls 20374->20376 20377 85cbd3 __Getctype 6 API calls 20375->20377 20380 85c202 20376->20380 20377->20372 20378->20379 20379->20364 
20379->20365 20381 85bed7 ___free_lconv_mon 14 API calls 20380->20381 20381->20379 20382->20348 20384 8608e9 20383->20384 20385 860934 __Getctype 20383->20385 20387 860905 20384->20387 20385->20384 20386 8606da __Getctype 14 API calls 20385->20386 20386->20384 20401 8580f8 LeaveCriticalSection 20387->20401 20389 8608fc 20389->20346 20390 858353 20389->20390 20402 85e3a0 20390->20402 20393 858363 20395 85836d IsProcessorFeaturePresent 20393->20395 20396 85838c 20393->20396 20397 858379 20395->20397 20438 85555b 20396->20438 20432 857e30 20397->20432 20401->20389 20403 85e623 CallUnexpected EnterCriticalSection LeaveCriticalSection 20402->20403 20404 858358 20403->20404 20404->20393 20405 85e3c7 20404->20405 20406 85e3d3 ___scrt_is_nonwritable_in_current_image 20405->20406 20407 85e435 CallUnexpected 20406->20407 20408 85c2bb __dosmaperr 14 API calls 20406->20408 20409 85e423 20406->20409 20411 85e404 CallUnexpected 20406->20411 20413 85e46b CallUnexpected 20407->20413 20415 8580e1 std::_Lockit::_Lockit EnterCriticalSection 20407->20415 20408->20411 20410 8576e4 __strnicoll 14 API calls 20409->20410 20412 85e428 20410->20412 20411->20407 20411->20409 20431 85e40d 20411->20431 20417 85e5a5 20413->20417 20418 85e4a8 20413->20418 20428 85e4d6 20413->20428 20415->20413 20416 85e551 CallUnexpected LeaveCriticalSection 20420 85e5b0 20417->20420 20422 8580f8 std::_Lockit::~_Lockit LeaveCriticalSection 20417->20422 20424 85c16a __Getctype 39 API calls 20418->20424 20418->20428 20422->20420 20428->20416 20431->20393 20433 857e4c __fread_nolock CallUnexpected 20432->20433 20434 857e78 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 20433->20434 20439 855690 CallUnexpected 21 API calls 20438->20439 20440 85556c 20439->20440 20442 85c16a __Getctype 39 API calls 20441->20442 20443 85db07 20442->20443 20443->20339 20454 854d68 20444->20454 20446 854e01 20448 857f78 _Fputc 29 API calls 20446->20448 20447 854dec 20447->20446 20449 854e34 20447->20449 20453 
854e1c std::_Locinfo::_Locinfo_dtor 20447->20453 20448->20453 20450 854ecb 20449->20450 20461 854db1 20449->20461 20451 854db1 29 API calls 20450->20451 20451->20453 20453->20250 20455 854d80 20454->20455 20456 854d6d 20454->20456 20455->20447 20457 8576e4 __strnicoll 14 API calls 20456->20457 20458 854d72 20457->20458 20459 857dcf __strnicoll 29 API calls 20458->20459 20460 854d7d 20459->20460 20460->20447 20462 854dd6 20461->20462 20463 854dc2 20461->20463 20462->20450 20463->20462 20464 8576e4 __strnicoll 14 API calls 20463->20464 20465 854dcb 20464->20465 20466 857dcf __strnicoll 29 API calls 20465->20466 20466->20462 20468 854478 20467->20468 20520 85477e 20468->20520 20470 8544b7 20531 85e8ff 20470->20531 20473 853790 _Fputc 39 API calls 20474 85456e 20473->20474 20475 853790 _Fputc 39 API calls 20474->20475 20476 8545a1 20474->20476 20475->20476 20476->20284 20476->20476 20478 85430f 20477->20478 20479 854345 20478->20479 20480 85f430 _Fputc 41 API calls 20478->20480 20479->20284 20480->20479 20482 85487b 20481->20482 20483 85489d 20482->20483 20486 8548c4 20482->20486 20484 857f78 _Fputc 29 API calls 20483->20484 20485 8548ba 20484->20485 20485->20284 20486->20485 20487 85477e 15 API calls 20486->20487 20487->20485 20491 854638 20488->20491 20489 857f78 _Fputc 29 API calls 20490 854659 20489->20490 20490->20284 20491->20489 20491->20490 20493 854b95 20492->20493 20494 854bb7 20493->20494 20496 854bde 20493->20496 20495 857f78 _Fputc 29 API calls 20494->20495 20498 854bd4 20495->20498 20497 85477e 15 API calls 20496->20497 20496->20498 20497->20498 20498->20284 20500 8545fb 20499->20500 20692 8549f3 20500->20692 20502 85460b 20502->20284 20504 854866 30 API calls 20503->20504 20505 854621 20504->20505 20505->20284 20507 853add 20506->20507 20508 853ae5 20507->20508 20699 858c30 20507->20699 20508->20284 20511 85f445 20510->20511 20512 85f486 20511->20512 20513 853790 _Fputc 39 API calls 20511->20513 20515 85f472 __fread_nolock 20511->20515 20519 85f449 
__fread_nolock _Fputc 20511->20519 20512->20515 20512->20519 20741 85c021 20512->20741 20513->20512 20514 857f78 _Fputc 29 API calls 20514->20519 20515->20514 20515->20519 20517 85f541 20518 85f557 GetLastError 20517->20518 20517->20519 20518->20515 20518->20519 20519->20288 20521 8547a5 20520->20521 20522 854793 20520->20522 20521->20522 20523 85bf11 __fread_nolock 15 API calls 20521->20523 20522->20470 20524 8547c9 20523->20524 20525 8547d1 20524->20525 20526 8547dc 20524->20526 20527 85bed7 ___free_lconv_mon 14 API calls 20525->20527 20550 85383d 20526->20550 20527->20522 20530 85bed7 ___free_lconv_mon 14 API calls 20530->20522 20532 85e934 20531->20532 20534 85e910 20531->20534 20532->20534 20535 85e967 20532->20535 20533 857f78 _Fputc 29 API calls 20545 85454a 20533->20545 20534->20533 20536 85e9a0 20535->20536 20537 85e9cf 20535->20537 20553 85eab4 20536->20553 20538 85e9f8 20537->20538 20539 85e9fd 20537->20539 20542 85ea25 20538->20542 20543 85ea5f 20538->20543 20561 85ee76 20539->20561 20546 85ea45 20542->20546 20547 85ea2a 20542->20547 20588 85ec9c 20543->20588 20545->20473 20545->20474 20581 85f291 20546->20581 20571 85f327 20547->20571 20551 85bed7 ___free_lconv_mon 14 API calls 20550->20551 20552 85384c 20551->20552 20552->20530 20554 85eaca 20553->20554 20555 85ead5 20553->20555 20554->20545 20595 85bb4c 20555->20595 20558 85eb3a 20558->20545 20560 85eb48 20562 85ee89 20561->20562 20563 85ee98 20562->20563 20564 85eeba 20562->20564 20565 857f78 _Fputc 29 API calls 20563->20565 20566 85eecf 20564->20566 20568 85ef22 20564->20568 20570 85eeb0 __fread_nolock __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z _strrchr __allrem 20565->20570 20567 85ec9c 41 API calls 20566->20567 20567->20570 20569 853790 _Fputc 39 API calls 20568->20569 20568->20570 20569->20570 20570->20545 20608 867792 20571->20608 20582 867792 31 API calls 20581->20582 20583 85f2c0 20582->20583 20584 8675e7 29 API calls 20583->20584 20585 85f301 20584->20585 20586 85f308 20585->20586 20587 
85f1a3 39 API calls 20585->20587 20586->20545 20587->20586 20589 867792 31 API calls 20588->20589 20590 85ecc6 20589->20590 20591 8675e7 29 API calls 20590->20591 20592 85ed14 20591->20592 20593 85ed1b 20592->20593 20594 85eb49 41 API calls 20592->20594 20593->20545 20594->20593 20596 85bb68 20595->20596 20597 85bb5a 20595->20597 20598 8576e4 __strnicoll 14 API calls 20596->20598 20597->20596 20602 85bb80 20597->20602 20599 85bb70 20598->20599 20601 857dcf __strnicoll 29 API calls 20599->20601 20600 85bb7a 20600->20558 20604 857dfc IsProcessorFeaturePresent 20600->20604 20601->20600 20602->20600 20603 8576e4 __strnicoll 14 API calls 20602->20603 20603->20599 20605 857e08 20604->20605 20606 857e30 CallUnexpected 8 API calls 20605->20606 20607 857e1d GetCurrentProcess TerminateProcess 20606->20607 20607->20560 20609 8677c6 20608->20609 20610 857343 29 API calls 20609->20610 20612 86782f 20610->20612 20611 86785b 20613 85bb4c ___std_exception_copy 29 API calls 20611->20613 20612->20611 20614 8678ed 20612->20614 20617 8678c8 20612->20617 20618 867888 20612->20618 20615 8678b8 20613->20615 20616 857343 29 API calls 20614->20616 20619 868d6d 20615->20619 20627 8678c3 20615->20627 20621 867917 20616->20621 20620 85bb4c ___std_exception_copy 29 API calls 20617->20620 20618->20611 20618->20614 20620->20615 20623 857343 29 API calls 20621->20623 20693 854a08 20692->20693 20694 854a2a 20693->20694 20697 854a51 20693->20697 20695 857f78 _Fputc 29 API calls 20694->20695 20696 854a47 20695->20696 20696->20502 20697->20696 20698 85477e 15 API calls 20697->20698 20698->20696 20700 858c4f 20699->20700 20701 858c3e 20699->20701 20700->20508 20704 864a37 20701->20704 20703 858c4a 20703->20508 20705 864ad2 20704->20705 20706 85f704 __fread_nolock 29 API calls 20705->20706 20707 864adf 20706->20707 20708 864aeb 20707->20708 20709 864b37 20707->20709 20728 864a4d 20707->20728 20708->20703 20709->20708 20711 864b99 20709->20711 20713 85e736 _Fputc 29 API calls 20709->20713 20717 864cc2 
20711->20717 20715 864b8c 20713->20715 20715->20711 20736 86669f 20715->20736 20718 85f704 __fread_nolock 29 API calls 20717->20718 20719 864cd1 20718->20719 20720 864d77 20719->20720 20721 864ce4 20719->20721 20722 863e10 _Fputc 64 API calls 20720->20722 20723 864d01 20721->20723 20726 864d28 20721->20726 20725 864baa 20722->20725 20724 863e10 _Fputc 64 API calls 20723->20724 20724->20725 20725->20703 20726->20725 20727 862922 _Fputc 33 API calls 20726->20727 20727->20725 20729 864a67 20728->20729 20730 864a63 20728->20730 20731 86361f _Fputc 29 API calls 20729->20731 20735 864ab6 20729->20735 20730->20709 20732 864a88 20731->20732 20733 864a90 SetFilePointerEx 20732->20733 20732->20735 20734 864aa7 GetFileSizeEx 20733->20734 20733->20735 20734->20735 20735->20709 20737 85d2b4 __Getctype 14 API calls 20736->20737 20738 8666bc 20737->20738 20739 85bed7 ___free_lconv_mon 14 API calls 20738->20739 20740 8666c6 20739->20740 20740->20711 20742 85c034 _Fputc 20741->20742 20743 85c072 WideCharToMultiByte 20742->20743 20743->20517 20745 8585d1 20744->20745 20749 8585f8 20744->20749 20746 85f704 __fread_nolock 29 API calls 20745->20746 20745->20749 20747 8585ed 20746->20747 20750 863e10 20747->20750 20749->20198 20751 863e1c ___scrt_is_nonwritable_in_current_image 20750->20751 20752 863e5d 20751->20752 20754 863ea3 20751->20754 20760 863e24 20751->20760 20753 857f78 _Fputc 29 API calls 20752->20753 20753->20760 20761 863868 EnterCriticalSection 20754->20761 20756 863ea9 20757 863ec7 20756->20757 20762 863bf4 20756->20762 20790 863f19 20757->20790 20760->20749 20761->20756 20763 863c1c 20762->20763 20766 863c3f __fread_nolock 20762->20766 20764 863c20 20763->20764 20767 863c7b 20763->20767 20765 857f78 _Fputc 29 API calls 20764->20765 20765->20766 20766->20757 20771 863c99 20767->20771 20807 8629a2 20767->20807 20793 863f21 20771->20793 20772 863cb1 20774 863ce0 20772->20774 20775 863cb9 20772->20775 20773 863cf8 20776 863d61 WriteFile 20773->20776 20777 863d0c 20773->20777 
20815 863f9e GetConsoleOutputCP 20774->20815 20775->20766 20810 864365 20775->20810 20779 863d83 GetLastError 20776->20779 20789 863cf3 20776->20789 20780 863d14 20777->20780 20781 863d4d 20777->20781 20779->20789 20784 863d39 20780->20784 20785 863d19 20780->20785 20800 8643cd 20781->20800 20785->20766 20789->20766 20849 86388b LeaveCriticalSection 20790->20849 20792 863f1f 20792->20760 20794 86744f __fread_nolock 29 API calls 20793->20794 20797 863f33 20794->20797 20795 863cab 20795->20772 20795->20773 20796 863f61 20796->20795 20799 863f7b GetConsoleMode 20796->20799 20797->20795 20797->20796 20798 853790 _Fputc 39 API calls 20797->20798 20798->20796 20799->20795 20805 8643dc _Fputc 20800->20805 20843 862b03 20807->20843 20809 8629bb 20809->20771 20811 8643bc 20810->20811 20814 864387 20810->20814 20811->20766 20812 86a2d1 5 API calls _Fputc 20812->20814 20813 8643be GetLastError 20813->20811 20814->20811 20814->20812 20814->20813 20816 864010 20815->20816 20825 864017 _Yarn 20815->20825 20817 853790 _Fputc 39 API calls 20816->20817 20817->20825 20844 86361f _Fputc 29 API calls 20843->20844 20845 862b15 20844->20845 20846 862b31 SetFilePointerEx 20845->20846 20848 862b1d __fread_nolock 20845->20848 20847 862b49 GetLastError 20846->20847 20846->20848 20847->20848 20848->20809 20849->20792 20850->20168 20852 853809 20851->20852 20858 85c36c 20852->20858 20856 858000 GetLastError SetLastError 20855->20856 20857 858019 20855->20857 20856->20150 20857->20150 20859 85c385 20858->20859 20860 85c37f 20858->20860 20861 85cbd3 __Getctype 6 API calls 20859->20861 20879 853825 SetLastError 20859->20879 20862 85cb94 __Getctype 6 API calls 20860->20862 20863 85c39f 20861->20863 20862->20859 20864 85d2b4 __Getctype 14 API calls 20863->20864 20863->20879 20865 85c3af 20864->20865 20866 85c3b7 20865->20866 20867 85c3cc 20865->20867 20868 85cbd3 __Getctype 6 API calls 20866->20868 20869 85cbd3 __Getctype 6 API calls 20867->20869 20871 85c3c3 20868->20871 20870 85c3d8 20869->20870 
20872 85c3dc 20870->20872 20873 85c3eb 20870->20873 20876 85bed7 ___free_lconv_mon 14 API calls 20871->20876 20874 85cbd3 __Getctype 6 API calls 20872->20874 20875 85c47c __Getctype 14 API calls 20873->20875 20874->20871 20877 85c3f6 20875->20877 20876->20879 20878 85bed7 ___free_lconv_mon 14 API calls 20877->20878 20878->20879 20879->20146 20880->20136 20883 84a668 ___std_exception_copy 20881->20883 20882 84a682 20882->20092 20883->20882 20884 855877 std::ios_base::_Init 2 API calls 20883->20884 20885 84a684 20883->20885 20884->20883 20886 84f338 std::ios_base::_Init 20885->20886 20887 84a68e Concurrency::cancel_current_task 20885->20887 20888 85060c Concurrency::cancel_current_task RaiseException 20886->20888 20897 85060c 20887->20897 20890 84f354 20888->20890 20891 84b4ce 20893 85060c Concurrency::cancel_current_task RaiseException 20892->20893 20894 842642 20893->20894 20900 850bf6 20894->20900 20898 850654 RaiseException 20897->20898 20899 850626 20897->20899 20898->20891 20899->20898 20901 850c03 ___std_exception_copy 20900->20901 20905 842678 20900->20905 20902 850c30 20901->20902 20903 85bb4c ___std_exception_copy 29 API calls 20901->20903 20901->20905 20906 8592d7 20902->20906 20903->20902 20905->20092 20907 85bed7 ___free_lconv_mon 14 API calls 20906->20907 20908 8592ef 20907->20908 20908->20905 20978 84a9f4 20909->20978 20912 84a9f4 std::_Lockit::_Lockit 7 API calls 20913 8444b7 20912->20913 20984 84aa25 20913->20984 20914 8444d8 20925 844556 20914->20925 20991 8445f0 20914->20991 20915 84aa25 std::_Lockit::~_Lockit 2 API calls 20918 844585 20915->20918 20918->20108 20920 844543 21003 84ab43 20920->21003 20921 844598 21008 843e50 20921->21008 20925->20915 20930 84df1e 20926->20930 20934 84df17 20926->20934 20927 84a6e1 __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 20928 84e01c 20927->20928 20928->20108 20931 84dfd0 20930->20931 20932 84df69 20930->20932 20930->20934 
20931->20934 21333 85932d 20931->21333 20932->20934 21330 84dada 20932->21330 20934->20927 20936 842d5a 20935->20936 20937 842c90 20935->20937 20936->20101 20938 842cb3 20937->20938 20939 842c50 39 API calls 20937->20939 20943 842cd7 20937->20943 20938->20936 20940 8438e0 39 API calls 20938->20940 20939->20943 20940->20936 20941 842f00 std::ios_base::_Init 38 API calls 20941->20943 20942 8432c0 std::ios_base::_Init 30 API calls 20942->20943 20943->20938 20943->20941 20943->20942 20944 85060c Concurrency::cancel_current_task RaiseException 20943->20944 20944->20943 20946 843962 20945->20946 20947 843919 20945->20947 20946->20104 20947->20946 20948 842f00 std::ios_base::_Init 38 API calls 20947->20948 20949 843998 20948->20949 20950 8432c0 std::ios_base::_Init 30 API calls 20949->20950 20951 8439aa 20950->20951 20952 85060c Concurrency::cancel_current_task RaiseException 20951->20952 20952->20946 20954 842f34 20953->20954 20955 842f28 20953->20955 21457 84a6ef AcquireSRWLockExclusive 20954->21457 20955->20100 20957 842f40 20957->20955 21462 84a7a4 20957->21462 20962 843307 _strlen 20961->20962 20963 843312 20962->20963 20964 8433ff 20962->20964 20966 843352 20963->20966 20967 843369 20963->20967 20971 84331c _Yarn 20963->20971 21547 842600 20964->21547 20968 84a663 std::ios_base::_Init 3 API calls 20966->20968 20969 84a663 std::ios_base::_Init 3 API calls 20967->20969 20968->20971 20969->20971 20970 857ddf std::_Throw_Cpp_error 29 API calls 20972 843409 20970->20972 21530 843430 20971->21530 21550 841460 20972->21550 20975 84341f 20975->20100 20976 8433ad 20976->20970 20977 8433d3 _AnonymousOriginator 20976->20977 20977->20100 20979 84aa03 20978->20979 20980 84aa0a 20978->20980 21011 85810f 20979->21011 20982 84449a 20980->20982 21016 84fac8 EnterCriticalSection 20980->21016 20982->20912 20982->20914 20985 85811d 20984->20985 20986 84aa2f 20984->20986 21069 8580f8 LeaveCriticalSection 20985->21069 20990 84aa42 20986->20990 21068 84fad6 LeaveCriticalSection 
22581->22586 22583 8628b5 std::ios_base::_Init 32 API calls 22582->22583 22582->22586 22587 8633c9 22583->22587 22584->22559 22585->22558 22586->22580 22589 85d2b4 __Getctype 14 API calls 22586->22589 22586->22595 22588 85bed7 ___free_lconv_mon 14 API calls 22587->22588 22588->22586 22590 863461 22589->22590 22591 863471 22590->22591 22592 863469 22590->22592 22594 85bb4c ___std_exception_copy 29 API calls 22591->22594 22593 85bed7 ___free_lconv_mon 14 API calls 22592->22593 22593->22595 22596 86347d 22594->22596 22595->22565 22597 863484 22596->22597 22598 8634f5 22596->22598 22617 86a23c 22597->22617 22599 857dfc __Getctype 11 API calls 22598->22599 22601 8634ff 22599->22601 22610 86350d 22609->22610 22611 8632ef 22609->22611 22632 86356f 22610->22632 22611->22559 22611->22560 22611->22562 22614 86338d 22613->22614 22616 863530 22613->22616 22614->22569 22614->22575 22616->22614 22647 86a14b 22616->22647 22681 85d275 22617->22681 22633 863582 22632->22633 22640 86357d 22632->22640 22634 85d2b4 __Getctype 14 API calls 22633->22634 22645 86359f 22634->22645 22635 86360d 22637 858353 CallUnexpected 39 API calls 22635->22637 22636 8635fc 22638 85bed7 ___free_lconv_mon 14 API calls 22636->22638 22639 863612 22637->22639 22638->22640 22641 857dfc __Getctype 11 API calls 22639->22641 22640->22611 22642 86361e 22641->22642 22643 85d2b4 __Getctype 14 API calls 22643->22645 22644 85bed7 ___free_lconv_mon 14 API calls 22644->22645 22645->22635 22645->22636 22645->22639 22645->22643 22645->22644 22646 85bb4c ___std_exception_copy 29 API calls 22645->22646 22646->22645 22648 86a15f 22647->22648 22649 86a159 22647->22649 22648->22616 22650 86a973 22649->22650 22651 86a9bb 22649->22651 22653 86a979 22650->22653 22656 86a996 22650->22656 22663 86a9d1 22651->22663 22655 8576e4 __strnicoll 14 API calls 22653->22655 22654 86a989 22654->22616 22657 86a97e 22655->22657 22658 8576e4 __strnicoll 14 API calls 22656->22658 22662 86a9b4 22656->22662 22659 857dcf __strnicoll 29 API calls 
22657->22659 22660 86a9a5 22658->22660 22659->22654 22661 857dcf __strnicoll 29 API calls 22660->22661 22661->22654 22662->22616 22664 86a9e1 22663->22664 22665 86a9fb 22663->22665 22668 8576e4 __strnicoll 14 API calls 22664->22668 22666 86aa03 22665->22666 22667 86aa1a 22665->22667 22669 8576e4 __strnicoll 14 API calls 22666->22669 22670 86aa26 22667->22670 22671 86aa3d 22667->22671 22672 86a9e6 22668->22672 22673 86aa08 22669->22673 22674 8576e4 __strnicoll 14 API calls 22670->22674 22678 85297a __strnicoll 39 API calls 22671->22678 22680 86a9f1 22671->22680 22675 857dcf __strnicoll 29 API calls 22672->22675 22676 857dcf __strnicoll 29 API calls 22673->22676 22677 86aa2b 22674->22677 22675->22680 22676->22680 22679 857dcf __strnicoll 29 API calls 22677->22679 22678->22680 22679->22680 22680->22654 22682 85297a __strnicoll 39 API calls 22681->22682 22683 85d287 22682->22683 22684 85d299 22683->22684 22689 85ca46 22683->22689 22686 852a74 22684->22686 22690 85d05b std::_Lockit::_Lockit 5 API calls 22689->22690 22731 855356 22730->22731 22732 85536a 22730->22732 22733 8576e4 __strnicoll 14 API calls 22731->22733 22751 8553da 22732->22751 22735 85535b 22733->22735 22737 857dcf __strnicoll 29 API calls 22735->22737 22740 855366 22737->22740 22738 85537f CreateThread 22739 8553aa 22738->22739 22741 85539e GetLastError 22738->22741 22768 855470 22738->22768 22760 85542a 22739->22760 22740->22152 22743 85770a __dosmaperr 14 API calls 22741->22743 22743->22739 22744 8553b5 22744->22152 22746 84f134 22745->22746 22747 84253a 22745->22747 22748 84f151 CloseHandle 22746->22748 22749 84f13b GetExitCodeThread 22746->22749 22747->22163 22747->22165 22748->22747 22749->22747 22750 84f14c 22749->22750 22750->22748 22752 85d2b4 __Getctype 14 API calls 22751->22752 22753 8553eb 22752->22753 22754 85bed7 ___free_lconv_mon 14 API calls 22753->22754 22755 8553f8 22754->22755 22756 85541c 22755->22756 22757 8553ff GetModuleHandleExW 22755->22757 22758 85542a 16 API calls 22756->22758 
22757->22756 22759 855376 22758->22759 22759->22738 22759->22739 22761 855436 22760->22761 22762 85545a 22760->22762 22763 855445 22761->22763 22764 85543c CloseHandle 22761->22764 22762->22744 22765 855454 22763->22765 22766 85544b FreeLibrary 22763->22766 22764->22763 22767 85bed7 ___free_lconv_mon 14 API calls 22765->22767 22766->22765 22767->22762 22769 85547c ___scrt_is_nonwritable_in_current_image 22768->22769 22770 855490 22769->22770 22771 855483 GetLastError ExitThread 22769->22771 22772 85c16a __Getctype 39 API calls 22770->22772 22773 855495 22772->22773 22782 85f767 22773->22782 22776 8554ac 22786 8553cc 22776->22786 22783 85f777 CallUnexpected 22782->22783 22784 8554a0 22782->22784 22783->22784 22792 85ce89 22783->22792 22784->22776 22789 85cde0 22784->22789 22795 8554ee 22786->22795 22790 85cfd6 std::_Lockit::_Lockit 5 API calls 22789->22790 22791 85cdfc 22790->22791 22791->22776 22793 85cfd6 std::_Lockit::_Lockit 5 API calls 22792->22793 22794 85cea5 22793->22794 22794->22784 22796 85c2bb __dosmaperr 14 API calls 22795->22796 22798 8554f9 22796->22798 22797 85553b ExitThread 22798->22797 22801 855512 22798->22801 22804 85ce1b 22798->22804 22800 855525 22800->22797 22803 855531 FreeLibraryAndExitThread 22800->22803 22801->22800 22802 85551e CloseHandle 22801->22802 22802->22800 22803->22797 22805 85cfd6 std::_Lockit::_Lockit 5 API calls 22804->22805 22806 85ce34 22805->22806 22806->22801 22808 8556bd 22807->22808 22809 8556cf 22807->22809 22810 84f896 CallUnexpected GetModuleHandleW 22808->22810 22819 85582a 22809->22819 22812 8556c2 22810->22812 22812->22809 22834 8555c4 GetModuleHandleExW 22812->22834 22813 85048b 22813->22116 22820 855836 ___scrt_is_nonwritable_in_current_image 22819->22820 22840 8580e1 EnterCriticalSection 22820->22840 22822 855840 22841 855727 22822->22841 22824 85584d 22845 85586b 22824->22845 22827 85565f 22870 855646 22827->22870 22829 855669 22830 85567d 22829->22830 22831 85566d GetCurrentProcess TerminateProcess 
22829->22831 22832 8555c4 CallUnexpected 3 API calls 22830->22832 22831->22830 22833 855685 ExitProcess 22832->22833 22835 855624 22834->22835 22836 855603 GetProcAddress 22834->22836 22838 855633 22835->22838 22839 85562a FreeLibrary 22835->22839 22836->22835 22837 855617 22836->22837 22837->22835 22838->22809 22839->22838 22840->22822 22842 855733 ___scrt_is_nonwritable_in_current_image CallUnexpected 22841->22842 22843 855797 CallUnexpected 22842->22843 22848 8573fe 22842->22848 22843->22824 22869 8580f8 LeaveCriticalSection 22845->22869 22847 855706 22847->22813 22847->22827 22849 85740a __EH_prolog3 22848->22849 22852 857689 22849->22852 22851 857431 Concurrency::details::_ContextCallback::_CallInContext 22851->22843 22853 857695 ___scrt_is_nonwritable_in_current_image 22852->22853 22860 8580e1 EnterCriticalSection 22853->22860 22855 8576a3 22861 857554 22855->22861 22860->22855 22862 857573 22861->22862 22863 85756b 22861->22863 22862->22863 22864 85bed7 ___free_lconv_mon 14 API calls 22862->22864 22865 8576d8 22863->22865 22864->22863 22868 8580f8 LeaveCriticalSection 22865->22868 22867 8576c1 22867->22851 22868->22867 22869->22847 22873 85f740 22870->22873 22872 85564b CallUnexpected 22872->22829 22874 85f74f CallUnexpected 22873->22874 22875 85f75c 22874->22875 22877 85ce49 22874->22877 22875->22872 22878 85cfd6 std::_Lockit::_Lockit 5 API calls 22877->22878 22879 85ce65 22878->22879 22879->22875 22881 85324d 22880->22881 22882 85325f ___scrt_uninitialize_crt 22880->22882 22883 85325b 22881->22883 22885 85854a 22881->22885 22882->22185 22883->22185 22888 858675 22885->22888 22891 85874e 22888->22891 22892 85875a ___scrt_is_nonwritable_in_current_image 22891->22892 22899 8580e1 EnterCriticalSection 22892->22899 22894 858764 ___scrt_uninitialize_crt 22899->22894 22969 87a19e 22974 87a1d4 22969->22974 22970 87a321 GetPEB 22971 87a333 CreateProcessW VirtualAlloc Wow64GetThreadContext ReadProcessMemory VirtualAllocEx 22970->22971 22972 87a3da WriteProcessMemory 
22971->22972 22971->22974 22973 87a41f 22972->22973 22975 87a424 WriteProcessMemory 22973->22975 22976 87a461 WriteProcessMemory Wow64SetThreadContext ResumeThread 22973->22976 22974->22970 22974->22971 22975->22973

Control-flow Graph

APIs
• CreateProcessW.KERNELBASE(?,00000000,00000000,00000000,00000000,00000004,00000000,00000000,0087A110,0087A100), ref: 0087A334
• VirtualAlloc.KERNELBASE(00000000,00000004,00001000,00000004), ref: 0087A347
• Wow64GetThreadContext.KERNEL32(000000A0,00000000), ref: 0087A365
• ReadProcessMemory.KERNELBASE(00000124,?,0087A154,00000004,00000000), ref: 0087A389
• VirtualAllocEx.KERNELBASE(00000124,?,?,00003000,00000040), ref: 0087A3B4
• WriteProcessMemory.KERNELBASE(00000124,00000000,?,?,00000000,?), ref: 0087A40C
• WriteProcessMemory.KERNELBASE(00000124,00400000,?,?,00000000,?,00000028), ref: 0087A457
• WriteProcessMemory.KERNELBASE(00000124,?,?,00000004,00000000), ref: 0087A495
• Wow64SetThreadContext.KERNEL32(000000A0,005E0000), ref: 0087A4D1
• ResumeThread.KERNELBASE(000000A0), ref: 0087A4E0
Strings
Memory Dump Source
• Source File: 00000000.00000002.1694859445.000000000087A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
• Associated: 00000000.00000002.1694797495.0000000000840000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1694812963.0000000000841000.00000020.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1694841420.000000000086D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1695774169.000000000087B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1695796698.000000000087F000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1695815500.0000000000882000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1695853931.00000000008CF000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_840000_Crosshair-X.jbxd
Similarity
• API ID: Process$Memory$ThreadWrite$AllocContextVirtualWow64$CreateReadResume
• String ID: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe$CreateProcessW$GetP$GetThreadContext$Load$ReadProcessMemory$ResumeThread$SetThreadContext$TerminateProcess$VirtualAlloc$VirtualAllocEx$WriteProcessMemory$aryA$ress
• API String ID: 2687962208-3857624555
• Opcode ID: 4d4c1a7e65f8d0d38951af6025ef960edc15c7aa7ffa2998c2434409f37e51df
• Instruction ID: dfb932ceccc77431532897d83e59d28526b9688816c99e4ebe27e90727cdfa21
• Opcode Fuzzy Hash: 4d4c1a7e65f8d0d38951af6025ef960edc15c7aa7ffa2998c2434409f37e51df
• Instruction Fuzzy Hash: 72B1E57660024AAFDB60CF68CC80BDA73A5FF88714F158124EA0CEB345D774FA518B94

Control-flow Graph

APIs
  • Part of subcall function 00841240: _strlen.LIBCMT ref: 008412BA
• CreateFileA.KERNELBASE ref: 00842036
• GetFileSize.KERNEL32(00000000,00000000), ref: 00842046
• ReadFile.KERNELBASE(00000000,00000000,00000000,?,00000000), ref: 0084206B
• CloseHandle.KERNELBASE(00000000), ref: 0084207A
• _strlen.LIBCMT ref: 008420CD
• CloseHandle.KERNEL32(00000000), ref: 008421FD
Memory Dump Source
• Source File: 00000000.00000002.1694812963.0000000000841000.00000020.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
• Associated: 00000000.00000002.1694797495.0000000000840000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1694841420.000000000086D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1694859445.000000000087A000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1695774169.000000000087B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1695796698.000000000087F000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1695815500.0000000000882000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1695853931.00000000008CF000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_840000_Crosshair-X.jbxd
Similarity
• API ID: File$CloseHandle_strlen$CreateReadSize
• String ID:
• API String ID: 2911764282-0
• Opcode ID: e7c0101e49155938163f93930f22cdd870b2fe0da522d618ac686a940948dcfe
• Instruction ID: a4fc5ff9d234a93be40b4863e01e162a9465dcac43f0f6058a07f635875a0097
• Opcode Fuzzy Hash: e7c0101e49155938163f93930f22cdd870b2fe0da522d618ac686a940948dcfe
• Instruction Fuzzy Hash: 7671D2B2C006189BCB10DFA8DC487AEBBB5FF58314F140629F814E7391E775A945CBA1
Memory Dump Source
• Source File: 00000000.00000002.1694812963.0000000000841000.00000020.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
• Associated: 00000000.00000002.1694797495.0000000000840000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1694841420.000000000086D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1694859445.000000000087A000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1695774169.000000000087B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1695796698.000000000087F000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1695815500.0000000000882000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1695853931.00000000008CF000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_840000_Crosshair-X.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 8a9c26692b57af5772e74c8f17bd09b00515b93fdaae5cf09825b6191cdbf71b
• Instruction ID: fc94b3d6eec3d9e998e3f3c32a7c9dbff51fbd695914929a8af8df3f64e1dd3c
• Opcode Fuzzy Hash: 8a9c26692b57af5772e74c8f17bd09b00515b93fdaae5cf09825b6191cdbf71b
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1A215A3361056D0B8B9C9F3C6CA6037FB4AFB866A0705573AED12DF2C1E620DD9082E4

                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetConsoleWindow.KERNELBASE ref: 008424DD
                                                                                                                                                                                                                                            • ShowWindow.USER32(00000000,00000000), ref: 008424E6
                                                                                                                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 00842524
                                                                                                                                                                                                                                              • Part of subcall function 0084F11D: WaitForSingleObjectEx.KERNEL32(?,000000FF,00000000,?,?,?,0084253A,?,?,00000000), ref: 0084F129
                                                                                                                                                                                                                                              • Part of subcall function 0084F11D: GetExitCodeThread.KERNEL32(?,00000000,?,?,0084253A,?,?,00000000), ref: 0084F142
                                                                                                                                                                                                                                              • Part of subcall function 0084F11D: CloseHandle.KERNEL32(?,?,?,0084253A,?,?,00000000), ref: 0084F154
                                                                                                                                                                                                                                            • std::_Throw_Cpp_error.LIBCPMT ref: 00842567
                                                                                                                                                                                                                                            • std::_Throw_Cpp_error.LIBCPMT ref: 00842578
                                                                                                                                                                                                                                            • std::_Throw_Cpp_error.LIBCPMT ref: 00842589
                                                                                                                                                                                                                                            • std::_Throw_Cpp_error.LIBCPMT ref: 0084259A
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1694812963.0000000000841000.00000020.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Cpp_errorThrow_std::_$ThreadWindow$CloseCodeConsoleCurrentExitHandleObjectShowSingleWait
                                                                                                                                                                                                                                            • API String ID: 3956949563-0

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,?,00000000,00000800,00000000,?,?,1D994CD9,?,0085D01A,?,?,00000000), ref: 0085CFCC
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1694812963.0000000000841000.00000020.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: FreeLibrary
                                                                                                                                                                                                                                            • String ID: api-ms-$ext-ms-
                                                                                                                                                                                                                                            • API String ID: 3664257935-537541572

                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1694812963.0000000000841000.00000020.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: _strlen
                                                                                                                                                                                                                                            • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                                                                                                                                                            • API String ID: 4218353326-1866435925

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • CreateThread.KERNELBASE(00000000,00000000,Function_00015470,00000000,00000000,00000000), ref: 00855392
                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,00842513,00000000,00000000), ref: 0085539E
                                                                                                                                                                                                                                            • __dosmaperr.LIBCMT ref: 008553A5
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1694812963.0000000000841000.00000020.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
• Associated: 00000000.00000002.1694797495.0000000000840000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1694841420.000000000086D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1694859445.000000000087A000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1695774169.000000000087B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1695796698.000000000087F000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1695815500.0000000000882000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1695853931.00000000008CF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_840000_Crosshair-X.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: CreateErrorLastThread__dosmaperr
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 2744730728-0

                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                              • Part of subcall function 0085C2BB: GetLastError.KERNEL32(00000000,?,008576E9,0085D306,?,?,0085C1B7,00000001,00000364,?,00000005,000000FF,?,00855495,00878E38,0000000C), ref: 0085C2BF
                                                                                                                                                                                                                                              • Part of subcall function 0085C2BB: SetLastError.KERNEL32(00000000), ref: 0085C361
                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?,?,?,008553D9,?,?,008554CE,00000000), ref: 0085551F
                                                                                                                                                                                                                                            • FreeLibraryAndExitThread.KERNELBASE(?,?,?,?,008553D9,?,?,008554CE,00000000), ref: 00855535
                                                                                                                                                                                                                                            • ExitThread.KERNEL32 ref: 0085553E
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1694812963.0000000000841000.00000020.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_840000_Crosshair-X.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: ErrorExitLastThread$CloseFreeHandleLibrary
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 1991824761-0

                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(00000002,?,00855721,00858396,00858396,?,00000002,1D994CD9,00858396,00000002), ref: 00855670
                                                                                                                                                                                                                                            • TerminateProcess.KERNEL32(00000000,?,00855721,00858396,00858396,?,00000002,1D994CD9,00858396,00000002), ref: 00855677
                                                                                                                                                                                                                                            • ExitProcess.KERNEL32 ref: 00855689
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1694812963.0000000000841000.00000020.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_840000_Crosshair-X.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 1703294689-0

                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                              • Part of subcall function 00863F9E: GetConsoleOutputCP.KERNEL32(1D994CD9,00000000,00000000,?), ref: 00864001
                                                                                                                                                                                                                                            • WriteFile.KERNEL32(?,?,00000000,?,00000000,?,00000000,00000000,00000000,?,?,00000000,?,?,00858584,?), ref: 00863D79
                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,00858584,?,008587C8,00000000,?,00000000,008587C8,?,?,?,00878FE8,0000002C,008586B4,?), ref: 00863D83
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1694812963.0000000000841000.00000020.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_840000_Crosshair-X.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: ConsoleErrorFileLastOutputWrite
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 2915228174-0

                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • WriteFile.KERNELBASE(?,?,?,?,00000000,00000000,00000000,?,?,00863D5F,00000000,008587C8,?,00000000,?,00000000), ref: 00864469
                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00863D5F,00000000,008587C8,?,00000000,?,00000000,00000000,00000000,?,?,00000000,?,?,00858584), ref: 0086448F
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1694812963.0000000000841000.00000020.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
• Associated: 00000000.00000002.1694797495.0000000000840000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1694841420.000000000086D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1694859445.000000000087A000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1695774169.000000000087B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1695796698.000000000087F000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1695815500.0000000000882000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1695853931.00000000008CF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_840000_Crosshair-X.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: ErrorFileLastWrite
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 442123175-0
                                                                                                                                                                                                                                            • Opcode ID: ac87fe9e23554de2e3a7ce23a175f49a478f220be2934578bd9f316d4597795a
                                                                                                                                                                                                                                            • Instruction ID: 6d83a1b69a5c3a3d68262e86eaa9b53f856bec22dab017748384f3f0a0564f1d
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ac87fe9e23554de2e3a7ce23a175f49a478f220be2934578bd9f316d4597795a
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6321A030A012189BCB19CF19DC81AEDB7B9FB48305F1540A9E90AD7211DA30DD82CB64

                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • std::_Throw_Cpp_error.LIBCPMT ref: 008491C9
                                                                                                                                                                                                                                            • std::_Throw_Cpp_error.LIBCPMT ref: 008491D7
                                                                                                                                                                                                                                              • Part of subcall function 0084EFD2: ReleaseSRWLockExclusive.KERNEL32(00000000,?,?,00848E4A,0084A2F0), ref: 0084EFE7
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1694812963.0000000000841000.00000020.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
• Associated: 00000000.00000002.1694797495.0000000000840000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1694841420.000000000086D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1694859445.000000000087A000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1695774169.000000000087B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1695796698.000000000087F000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1695815500.0000000000882000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1695853931.00000000008CF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_840000_Crosshair-X.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Cpp_errorThrow_std::_$ExclusiveLockRelease
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 3666349979-0
                                                                                                                                                                                                                                            • Opcode ID: e32e3a89ef4b5c5bf94afc913832516e9d994f569ff699fc9bbe42ccea64a98d
                                                                                                                                                                                                                                            • Instruction ID: cb098fc2a19fe7c1bac22d7465497a9e5d393fa49ef48ede815ecc49435d781d
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e32e3a89ef4b5c5bf94afc913832516e9d994f569ff699fc9bbe42ccea64a98d
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8D2105B090064ADBDB20DF68CD45BAEBBB4FF04320F144228E565973C1D734A904CBD2

                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetStdHandle.KERNEL32(000000F6,?,?,?,?,?,?,?,00000000,0085D941,00879330,0000000C), ref: 0085DA9E
                                                                                                                                                                                                                                            • GetFileType.KERNELBASE(00000000,?,?,?,?,?,?,?,00000000,0085D941,00879330,0000000C), ref: 0085DAB0
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1694812963.0000000000841000.00000020.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
• Associated: 00000000.00000002.1694797495.0000000000840000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1694841420.000000000086D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1694859445.000000000087A000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1695774169.000000000087B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1695796698.000000000087F000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1695815500.0000000000882000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1695853931.00000000008CF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_840000_Crosshair-X.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: FileHandleType
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 3000768030-0
                                                                                                                                                                                                                                            • Opcode ID: 1e419945df68af05354e72972f3c5a40f36456b712f60e5d092d2f88e1325a28
                                                                                                                                                                                                                                            • Instruction ID: d5542784ee40d146936ce4538807ec92f1c11f0fc1f9045484b22ef24a717b1f
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1e419945df68af05354e72972f3c5a40f36456b712f60e5d092d2f88e1325a28
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3A11B771108B624AC7328A3E8C886237A95FB96336B380759DCBAD65F5C670D88ED600

                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                              • Part of subcall function 00841240: _strlen.LIBCMT ref: 008412BA
                                                                                                                                                                                                                                            • FreeConsole.KERNELBASE(?,?,?,?,?,0084173F,?,?,?,00000000,?), ref: 00841F21
                                                                                                                                                                                                                                            • VirtualProtect.KERNELBASE(0087A011,00000549,00000040,?), ref: 00841F78
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1694812963.0000000000841000.00000020.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
• Associated: 00000000.00000002.1694797495.0000000000840000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1694841420.000000000086D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1694859445.000000000087A000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1695774169.000000000087B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1695796698.000000000087F000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1695815500.0000000000882000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1695853931.00000000008CF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_840000_Crosshair-X.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: ConsoleFreeProtectVirtual_strlen
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 1248733679-0
                                                                                                                                                                                                                                            • Opcode ID: aa731af8883c92428867d2ad6f876da8d8901a623d78d00e3193a34fa462b888
                                                                                                                                                                                                                                            • Instruction ID: 801f6da1e072d1d1c64c4358cdf4502e7e06bb07126729ef6a5758207266e553
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: aa731af8883c92428867d2ad6f876da8d8901a623d78d00e3193a34fa462b888
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D611E771B00108ABDF04BB64DC06EBF7764FB84700F004429F618E7282E675D59047D6
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetLastError.KERNEL32(00878E38,0000000C), ref: 00855483
                                                                                                                                                                                                                                            • ExitThread.KERNEL32 ref: 0085548A
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1694812963.0000000000841000.00000020.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
• Associated: 00000000.00000002.1694797495.0000000000840000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1694841420.000000000086D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1694859445.000000000087A000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1695774169.000000000087B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1695796698.000000000087F000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1695815500.0000000000882000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1695853931.00000000008CF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_840000_Crosshair-X.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: ErrorExitLastThread
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 1611280651-0
                                                                                                                                                                                                                                            • Opcode ID: ef1e84538e516b4cde3424ddadfe1ba6f459887337d1723b03e85d247c7dcd0b
                                                                                                                                                                                                                                            • Instruction ID: 72f44f010cb1b68954293151061d09afa8a9f37cfb5ac1bd46d07d0e209a544d
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ef1e84538e516b4cde3424ddadfe1ba6f459887337d1723b03e85d247c7dcd0b
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 25F0C271A40B049FDB11AF74C80AA6E7B70FF40712F104459F80AD7292DF74A985CB52
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetModuleHandleA.KERNEL32(00000000), ref: 00842288
                                                                                                                                                                                                                                            • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 0084229C
                                                                                                                                                                                                                                              • Part of subcall function 00841FB0: CreateFileA.KERNELBASE ref: 00842036
                                                                                                                                                                                                                                              • Part of subcall function 00841FB0: GetFileSize.KERNEL32(00000000,00000000), ref: 00842046
                                                                                                                                                                                                                                              • Part of subcall function 00841FB0: ReadFile.KERNELBASE(00000000,00000000,00000000,?,00000000), ref: 0084206B
                                                                                                                                                                                                                                              • Part of subcall function 00841FB0: CloseHandle.KERNELBASE(00000000), ref: 0084207A
                                                                                                                                                                                                                                              • Part of subcall function 00841FB0: _strlen.LIBCMT ref: 008420CD
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1694812963.0000000000841000.00000020.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: File$HandleModule$CloseCreateNameReadSize_strlen
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 3505371420-0
                                                                                                                                                                                                                                            • Opcode ID: 6c4dde9b0162d503c423eb64eaa31f8c953fdbabb366e2b093c79e89cff0e277
                                                                                                                                                                                                                                            • Instruction ID: 4f3632ca067173f8e5abd369267c7f22b527c5148dca23d72e3242d85c7f13d4
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6c4dde9b0162d503c423eb64eaa31f8c953fdbabb366e2b093c79e89cff0e277
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9AF0E5B1A052102BD5257728BC4FFAB7BACEF95710F000514F58D8A185FA7491958AD3
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • RtlFreeHeap.NTDLL(00000000,00000000,?,008602B4,?,00000000,?,?,0085FF54,?,00000007,?,?,0086089A,?,?), ref: 0085BEED
                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,008602B4,?,00000000,?,?,0085FF54,?,00000007,?,?,0086089A,?,?), ref: 0085BEF8
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1694812963.0000000000841000.00000020.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: ErrorFreeHeapLast
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 485612231-0
                                                                                                                                                                                                                                            • Opcode ID: 923d2a4eeaf376d0a48d66867ea41eb8cb7d823d1d9421d9467def977cb44556
                                                                                                                                                                                                                                            • Instruction ID: abab2e46bfc92cdbf05d6bc331a305a268705c0d80de2f716283113c27f3b5ac
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 923d2a4eeaf376d0a48d66867ea41eb8cb7d823d1d9421d9467def977cb44556
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0CE08631104A1467CF212FA8FC0CB553BA8FB50392F108011FA0CD6174DB31C994CB94
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1694812963.0000000000841000.00000020.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: ae920beae5daaeda838a08cb3fef3fbdbcf747b08fe9f0cbfdeef4b0d3238f7f
                                                                                                                                                                                                                                            • Instruction ID: b721724716b6065b920a5cf6ed05534563a8c4da8c188d8e2345d515a433d5dc
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ae920beae5daaeda838a08cb3fef3fbdbcf747b08fe9f0cbfdeef4b0d3238f7f
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D441AE31A0061EAFCB14DF68D8949EDB7F9FF18314F54406AE446E7640EB31E945DB90
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1694812963.0000000000841000.00000020.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: 796eecdbb3b7e572ef8f3137f2d43cd3ede5fab9657a6634e8f199f96429f4f2
                                                                                                                                                                                                                                            • Instruction ID: 72dc178d43374f145ac0087d3585b6b9d061b9207be208ff65e61d908d2594db
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 796eecdbb3b7e572ef8f3137f2d43cd3ede5fab9657a6634e8f199f96429f4f2
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F231927290121EAFCF54CF68D8909EEB7BCFF09324B14026AE516E3290E731E954DB90
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                              • Part of subcall function 0084AFC4: GetModuleHandleExW.KERNEL32(00000002,00000000,00848A2A,?,?,0084AF87,00848A2A,?,0084AF58,00848A2A,?,?,?), ref: 0084AFD0
                                                                                                                                                                                                                                            • FreeLibraryWhenCallbackReturns.KERNEL32(?,00000000,1D994CD9,?,?,?,Function_0002BE94,000000FF), ref: 0084B0C7
                                                                                                                                                                                                                                              • Part of subcall function 0084AEFA: std::_Throw_Cpp_error.LIBCPMT ref: 0084AF1B
                                                                                                                                                                                                                                              • Part of subcall function 0084EFD2: ReleaseSRWLockExclusive.KERNEL32(00000000,?,?,00848E4A,0084A2F0), ref: 0084EFE7
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1694812963.0000000000841000.00000020.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1694797495.0000000000840000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1694841420.000000000086D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1694859445.000000000087A000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1695774169.000000000087B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1695796698.000000000087F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1695815500.0000000000882000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1695853931.00000000008CF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_840000_Crosshair-X.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: CallbackCpp_errorExclusiveFreeHandleLibraryLockModuleReleaseReturnsThrow_Whenstd::_
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 3627539351-0
                                                                                                                                                                                                                                            • Opcode ID: a59d22835eab98effd221ece5191cf614545a90171497f9290a7ab6b855a0c0a
                                                                                                                                                                                                                                            • Instruction ID: f391f300175992ec9e6a444e74c56e5f2a160f59d1a2e6a823badcf227b0eff7
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a59d22835eab98effd221ece5191cf614545a90171497f9290a7ab6b855a0c0a
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2E110432644A48ABCB296B6D9C16A2E7BAAFB40B20F00441EF419CB6D0CF35D840DA42
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1694812963.0000000000841000.00000020.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1694797495.0000000000840000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1694841420.000000000086D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1694859445.000000000087A000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1695774169.000000000087B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1695796698.000000000087F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1695815500.0000000000882000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1695853931.00000000008CF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_840000_Crosshair-X.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: e95efc19441f73221fae88bf3e94b4b73e8d0647515c366f0a02c74614e90332
                                                                                                                                                                                                                                            • Instruction ID: 4fef3af3983cfbd7f4e454505e282284684e36bf7332cfc1aef9b53cd1d04a40
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e95efc19441f73221fae88bf3e94b4b73e8d0647515c366f0a02c74614e90332
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 800128332007185F9B269F68EC84A2633A6FBC0762F254024FE08DB1D8EB31D846D751
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1694812963.0000000000841000.00000020.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1694797495.0000000000840000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1694841420.000000000086D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1694859445.000000000087A000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1695774169.000000000087B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1695796698.000000000087F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1695815500.0000000000882000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1695853931.00000000008CF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_840000_Crosshair-X.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: CriticalLeaveSection
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 3988221542-0
                                                                                                                                                                                                                                            • Opcode ID: cf3100c6b11f3783c1e90d720c5effe0ca0e63f560ff38e5806c99cb7e835411
                                                                                                                                                                                                                                            • Instruction ID: a2fbff0f8ed490ca93d618aed2537a4545a1cba5515f4566fd354ac48e686710
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: cf3100c6b11f3783c1e90d720c5effe0ca0e63f560ff38e5806c99cb7e835411
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0801447660A28E5ECF859B7CF9652A8BB14FF95338B20816FD111C45D1DB129814D701
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • Concurrency::details::_Release_chore.LIBCPMT ref: 008477C6
                                                                                                                                                                                                                                              • Part of subcall function 0084AF64: CloseThreadpoolWork.KERNEL32(?,00000000,?,008478DA,00000000), ref: 0084AF72
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1694812963.0000000000841000.00000020.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1694797495.0000000000840000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1694841420.000000000086D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1694859445.000000000087A000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1695774169.000000000087B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1695796698.000000000087F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1695815500.0000000000882000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1695853931.00000000008CF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_840000_Crosshair-X.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: CloseConcurrency::details::_Release_choreThreadpoolWork
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 312417170-0
                                                                                                                                                                                                                                            • Opcode ID: a882657e30b7b2177f186e625bb46a794a27c81ebc47751dd18a768fff642409
                                                                                                                                                                                                                                            • Instruction ID: 40aa241be6bb3b959bba525ee1db2fb7f5b3614c6bdda152f6f1d7863c046b66
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a882657e30b7b2177f186e625bb46a794a27c81ebc47751dd18a768fff642409
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 72018BB1C006599BDB04EF88DC0579EFBB4FB04720F004239E8196B340E379AA85CBD2
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • RtlAllocateHeap.NTDLL(00000000,0085DF35,?,?,0085DF35,00000220,?,00000000,?), ref: 0085BF43
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1694812963.0000000000841000.00000020.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1694797495.0000000000840000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1694841420.000000000086D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1694859445.000000000087A000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1695774169.000000000087B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1695796698.000000000087F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1695815500.0000000000882000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1695853931.00000000008CF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_840000_Crosshair-X.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: AllocateHeap
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 1279760036-0
                                                                                                                                                                                                                                            • Opcode ID: 1acd3e54a7978ab113abf832f25768d409556adbd2146b8375acf3e1a380ca04
                                                                                                                                                                                                                                            • Instruction ID: f684021296be062d5e0d43533ca8ab118392e5e3cd111ede3672fb762f802331
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1acd3e54a7978ab113abf832f25768d409556adbd2146b8375acf3e1a380ca04
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 53E0ED35205A2166DB202A6AAC04B5B3A88FF61BB3F140061EC1CE6190DF20DC08C9A2
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 0084990F
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1694812963.0000000000841000.00000020.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
• Associated: 00000000.00000002.1694797495.0000000000840000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1694841420.000000000086D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1694859445.000000000087A000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1695774169.000000000087B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1695796698.000000000087F000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1695815500.0000000000882000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1695853931.00000000008CF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_840000_Crosshair-X.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Concurrency::cancel_current_task
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 118556049-0
                                                                                                                                                                                                                                            • Opcode ID: 6e3e421c4a8cfb1fba3bac4654965bc611b1aad92e2afce1b011616369e8c995
                                                                                                                                                                                                                                            • Instruction ID: 1e37b6c52e9bec0c16f177d838881a50d93d83a633581c84fd507718ee897b45
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6e3e421c4a8cfb1fba3bac4654965bc611b1aad92e2afce1b011616369e8c995
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2FD0A7397054284F4714BF2CA81892EB752FFC872035644AAE944D734AD724DC4287C0
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1694812963.0000000000841000.00000020.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
• Associated: 00000000.00000002.1694797495.0000000000840000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1694841420.000000000086D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1694859445.000000000087A000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1695774169.000000000087B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1695796698.000000000087F000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1695815500.0000000000882000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1695853931.00000000008CF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_840000_Crosshair-X.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: __floor_pentium4
                                                                                                                                                                                                                                            • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                                                                                                                            • API String ID: 4168288129-2761157908
                                                                                                                                                                                                                                            • Opcode ID: c528422ecd26948c48bb03c3b12e555c406f769507fef14af3c44704da264259
                                                                                                                                                                                                                                            • Instruction ID: c51fcf4efa68cd108026a5079925368a99d7be4942047d396388d521af51b4c2
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c528422ecd26948c48bb03c3b12e555c406f769507fef14af3c44704da264259
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9ED21871E082298FDB65CE28DD44BEAB7B5FB44305F1542EAD80DE7240DB74AE858F81
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetLocaleInfoW.KERNEL32(?,2000000B,008613BD,00000002,00000000,?,?,?,008613BD,?,00000000), ref: 00861AA0
                                                                                                                                                                                                                                            • GetLocaleInfoW.KERNEL32(?,20001004,008613BD,00000002,00000000,?,?,?,008613BD,?,00000000), ref: 00861AC9
                                                                                                                                                                                                                                            • GetACP.KERNEL32(?,?,008613BD,?,00000000), ref: 00861ADE
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1694812963.0000000000841000.00000020.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
• Associated: 00000000.00000002.1694797495.0000000000840000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1694841420.000000000086D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1694859445.000000000087A000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1695774169.000000000087B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1695796698.000000000087F000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1695815500.0000000000882000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1695853931.00000000008CF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_840000_Crosshair-X.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: InfoLocale
                                                                                                                                                                                                                                            • String ID: ACP$OCP
                                                                                                                                                                                                                                            • API String ID: 2299586839-711371036
                                                                                                                                                                                                                                            • Opcode ID: 0d477d2624081a92ac096f61804047db67a930863875a500049795a168443f84
                                                                                                                                                                                                                                            • Instruction ID: f65857f251883a924d1387aced5cd338a663dd1892d36a066156d165a46315ab
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0d477d2624081a92ac096f61804047db67a930863875a500049795a168443f84
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6521B822B0212597DF35CFE4D908A9B72A7FB50B56B5F8464E909DB206F731DD40D350
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                              • Part of subcall function 0085C16A: GetLastError.KERNEL32(?,?,00855495,00878E38,0000000C), ref: 0085C16E
                                                                                                                                                                                                                                              • Part of subcall function 0085C16A: SetLastError.KERNEL32(00000000), ref: 0085C210
                                                                                                                                                                                                                                            • GetUserDefaultLCID.KERNEL32(-00000002,00000000,?,00000055,?), ref: 0086138F
                                                                                                                                                                                                                                            • IsValidCodePage.KERNEL32(00000000), ref: 008613CD
                                                                                                                                                                                                                                            • IsValidLocale.KERNEL32(?,00000001), ref: 008613E0
                                                                                                                                                                                                                                            • GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 00861428
                                                                                                                                                                                                                                            • GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 00861443
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1694812963.0000000000841000.00000020.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
• Associated: 00000000.00000002.1694797495.0000000000840000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1694841420.000000000086D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1694859445.000000000087A000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1695774169.000000000087B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1695796698.000000000087F000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1695815500.0000000000882000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1695853931.00000000008CF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_840000_Crosshair-X.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Locale$ErrorInfoLastValid$CodeDefaultPageUser
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 415426439-0
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1694812963.0000000000841000.00000020.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1694797495.0000000000840000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1694841420.000000000086D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1694859445.000000000087A000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1695774169.000000000087B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1695796698.000000000087F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1695815500.0000000000882000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1695853931.00000000008CF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_840000_Crosshair-X.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • FindFirstFileExW.KERNEL32(?,00000000,?,00000000,00000000,00000000), ref: 008620D9
                                                                                                                                                                                                                                            • FindNextFileW.KERNEL32(00000000,?), ref: 008621CD
                                                                                                                                                                                                                                            • FindClose.KERNEL32(00000000), ref: 0086220C
                                                                                                                                                                                                                                            • FindClose.KERNEL32(00000000), ref: 0086223F
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1694812963.0000000000841000.00000020.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_840000_Crosshair-X.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Find$CloseFile$FirstNext
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 1164774033-0
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • IsProcessorFeaturePresent.KERNEL32(00000017,?), ref: 0084F8F5
                                                                                                                                                                                                                                            • IsDebuggerPresent.KERNEL32 ref: 0084F9C1
                                                                                                                                                                                                                                            • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 0084F9DA
                                                                                                                                                                                                                                            • UnhandledExceptionFilter.KERNEL32(?), ref: 0084F9E4
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1694812963.0000000000841000.00000020.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_840000_Crosshair-X.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 254469556-0
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                              • Part of subcall function 0085C16A: GetLastError.KERNEL32(?,?,00855495,00878E38,0000000C), ref: 0085C16E
                                                                                                                                                                                                                                              • Part of subcall function 0085C16A: SetLastError.KERNEL32(00000000), ref: 0085C210
                                                                                                                                                                                                                                            • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 008615D4
                                                                                                                                                                                                                                            • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0086161E
                                                                                                                                                                                                                                            • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 008616E4
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1694812963.0000000000841000.00000020.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_840000_Crosshair-X.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: InfoLocale$ErrorLast
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 661929714-0
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 00857F28
                                                                                                                                                                                                                                            • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 00857F32
                                                                                                                                                                                                                                            • UnhandledExceptionFilter.KERNEL32(-00000327,?,?,?,?,?,00000000), ref: 00857F3F
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1694812963.0000000000841000.00000020.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_840000_Crosshair-X.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 3906539128-0
                                                                                                                                                                                                                                            • Opcode ID: 78a9d5c21754fafe970ed97ca322f6628e872025243e949fb03e832cb848a475
                                                                                                                                                                                                                                            • Instruction ID: f6affc6696c5e5f50bd795bd9b4faa3b542f8f5eb5ef3930313cedd6073cb755
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 78a9d5c21754fafe970ed97ca322f6628e872025243e949fb03e832cb848a475
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8831B17491122CABCB21DF68D88978DBBB8FF18311F5041EAE80CA7251EB709F858F45
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetSystemTimePreciseAsFileTime.KERNEL32 ref: 008500EC
                                                                                                                                                                                                                                            • GetSystemTimeAsFileTime.KERNEL32(?,1D994CD9,00848E30,?,0086BE77,000000FF,?,0084FDB4,?,00000000,00000000,?,0084FDD8,?,00848E30,?), ref: 008500F0
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1694812963.0000000000841000.00000020.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Time$FileSystem$Precise
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 743729956-0
                                                                                                                                                                                                                                            • Opcode ID: 6ee0a0eeaa56243636364a833b405af1e60a6c4a29e37fe610dc66f0d27309dd
                                                                                                                                                                                                                                            • Instruction ID: f5fc8973dc2bf1cff8120795e389e6383cb0c7f8f9e5cbaa7cc88353a07c45ff
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6ee0a0eeaa56243636364a833b405af1e60a6c4a29e37fe610dc66f0d27309dd
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 91F06532A48A58EFC7119F44DC44B5EBBA8FB08B14F01013AED16D3794DB75E940DB80
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00865BB9,?,?,00000008,?,?,0086BCAB,00000000), ref: 00865E8B
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1694812963.0000000000841000.00000020.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: ExceptionRaise
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 3997070919-0
                                                                                                                                                                                                                                            • Opcode ID: c3672fb08d1b8c45492166e8389f94b378f6c43c5897bb9e15daf5cb2959b26b
                                                                                                                                                                                                                                            • Instruction ID: dd6406f1b8fae40719f311c82dc8599a8a7546894dc4eb26940a85d945ff5792
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c3672fb08d1b8c45492166e8389f94b378f6c43c5897bb9e15daf5cb2959b26b
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D6B15031510A09DFDB15CF28C48AB657BE0FF45364F2A8658E899CF2E1C736EA91CB40
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 0084F56B
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1694812963.0000000000841000.00000020.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: FeaturePresentProcessor
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 2325560087-0
                                                                                                                                                                                                                                            • Opcode ID: 15418d85d4f748f28363ad0f74e4f2ae50502523e0da8b772a5f32588d6b47c2
                                                                                                                                                                                                                                            • Instruction ID: ff7ec29b07968043fc6d2e306cf56f538195f84dea1e3ed7bf3f45edcabdedba
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 15418d85d4f748f28363ad0f74e4f2ae50502523e0da8b772a5f32588d6b47c2
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0BA19E729106098BDB18CF54D889799BBF6FB483A4F24813ED529EB369C374D980CF51
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                              • Part of subcall function 0085C16A: GetLastError.KERNEL32(?,?,00855495,00878E38,0000000C), ref: 0085C16E
                                                                                                                                                                                                                                              • Part of subcall function 0085C16A: SetLastError.KERNEL32(00000000), ref: 0085C210
                                                                                                                                                                                                                                            • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00861894
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1694812963.0000000000841000.00000020.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: ErrorLast$InfoLocale
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 3736152602-0
                                                                                                                                                                                                                                            • Opcode ID: f2e213ce800514d8775a9ec5c6d84d7af8a4616910d7447a9b93b4c4d47634db
                                                                                                                                                                                                                                            • Instruction ID: b533b213ab87437b20049883ef63b184baf599535d4e249b834249ea4fd3913f
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f2e213ce800514d8775a9ec5c6d84d7af8a4616910d7447a9b93b4c4d47634db
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3321F232610206AFDF289B29DC45ABA37A8FF54711F15007AFD02C7142EB34ED44CB51
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1694812963.0000000000841000.00000020.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_840000_Crosshair-X.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID: 0
                                                                                                                                                                                                                                            • API String ID: 0-4108050209
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                              • Part of subcall function 0085C16A: GetLastError.KERNEL32(?,?,00855495,00878E38,0000000C), ref: 0085C16E
                                                                                                                                                                                                                                              • Part of subcall function 0085C16A: SetLastError.KERNEL32(00000000), ref: 0085C210
                                                                                                                                                                                                                                            • EnumSystemLocalesW.KERNEL32(00861580,00000001,00000000,?,-00000050,?,00861363,00000000,-00000002,00000000,?,00000055,?), ref: 0086154A
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1694812963.0000000000841000.00000020.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_840000_Crosshair-X.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: ErrorLast$EnumLocalesSystem
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 2417226690-0
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                              • Part of subcall function 0085C16A: GetLastError.KERNEL32(?,?,00855495,00878E38,0000000C), ref: 0085C16E
                                                                                                                                                                                                                                              • Part of subcall function 0085C16A: SetLastError.KERNEL32(00000000), ref: 0085C210
                                                                                                                                                                                                                                            • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 008619B4
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1694812963.0000000000841000.00000020.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_840000_Crosshair-X.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: ErrorLast$InfoLocale
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 3736152602-0
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                              • Part of subcall function 0085C16A: GetLastError.KERNEL32(?,?,00855495,00878E38,0000000C), ref: 0085C16E
                                                                                                                                                                                                                                              • Part of subcall function 0085C16A: SetLastError.KERNEL32(00000000), ref: 0085C210
                                                                                                                                                                                                                                            • GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,0086179C,00000000,00000000,?), ref: 00861B39
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1694812963.0000000000841000.00000020.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_840000_Crosshair-X.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: ErrorLast$InfoLocale
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 3736152602-0
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                              • Part of subcall function 0085C16A: GetLastError.KERNEL32(?,?,00855495,00878E38,0000000C), ref: 0085C16E
                                                                                                                                                                                                                                              • Part of subcall function 0085C16A: SetLastError.KERNEL32(00000000), ref: 0085C210
                                                                                                                                                                                                                                            • EnumSystemLocalesW.KERNEL32(00861840,00000001,?,?,-00000050,?,0086132B,-00000050,-00000002,00000000,?,00000055,?,-00000050,?,?), ref: 0086181D
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1694812963.0000000000841000.00000020.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_840000_Crosshair-X.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: ErrorLast$EnumLocalesSystem
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 2417226690-0
                                                                                                                                                                                                                                            • Opcode ID: 94c988edd7cee8549ef04c2107d43566b69ece643ca3b14dd1beda2d24a46c9f
                                                                                                                                                                                                                                            • Instruction ID: a6359f05c4b3eb3bf6a18bfe1834f426b8da6924c4716d82899c1da8a336f14c
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 94c988edd7cee8549ef04c2107d43566b69ece643ca3b14dd1beda2d24a46c9f
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BEF0C2362003045FDF255F79D889A6A7B91FF81768B1A843CF945CB692D6B19C42C650
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                              • Part of subcall function 008580E1: EnterCriticalSection.KERNEL32(?,?,0085C5F8,?,00879290,00000008,0085C4EA,?,?,?), ref: 008580F0
                                                                                                                                                                                                                                            • EnumSystemLocalesW.KERNEL32(0085D1B0,00000001,00879310,0000000C,0085CB11,-00000050), ref: 0085D1F5
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1694812963.0000000000841000.00000020.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: CriticalEnterEnumLocalesSectionSystem
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 1272433827-0
                                                                                                                                                                                                                                            • Opcode ID: bec0837247e137fc8534d56a2255723fd661de2e9dc786787bd6b835e95cf74c
                                                                                                                                                                                                                                            • Instruction ID: 93fd478b91bf63d3734ecbf033a71cb8d58d6f076230a01a6027e8f5677de9de
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: bec0837247e137fc8534d56a2255723fd661de2e9dc786787bd6b835e95cf74c
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 83F01972A40704DFDB10EFA8E846B5977F0FB45726F10802AF918DB3A0DA7599848F41
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                              • Part of subcall function 0085C16A: GetLastError.KERNEL32(?,?,00855495,00878E38,0000000C), ref: 0085C16E
                                                                                                                                                                                                                                              • Part of subcall function 0085C16A: SetLastError.KERNEL32(00000000), ref: 0085C210
                                                                                                                                                                                                                                            • EnumSystemLocalesW.KERNEL32(00861960,00000001,?,?,?,00861385,-00000050,-00000002,00000000,?,00000055,?,-00000050,?,?,?), ref: 0086194C
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1694812963.0000000000841000.00000020.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: ErrorLast$EnumLocalesSystem
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 2417226690-0
                                                                                                                                                                                                                                            • Opcode ID: 4e1cd64180b3e1a08e831a210cac5799d8777a297051b17a30dea0e5ad8bf3bc
                                                                                                                                                                                                                                            • Instruction ID: 2c689573151f0d25f638b9a1522143186aee915548c15456b16fcf2550ed58f6
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4e1cd64180b3e1a08e831a210cac5799d8777a297051b17a30dea0e5ad8bf3bc
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 08F0EC3530030557CF059F39DC69666BFA4FFC1B51F5B4058EA09CB651C6759882C790
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetLocaleInfoW.KERNEL32(00000000,?,00000000,?,-00000050,?,00000000,?,00856E33,?,20001004,00000000,00000002,?,?,00855D3D), ref: 0085CC49
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1694812963.0000000000841000.00000020.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: InfoLocale
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 2299586839-0
                                                                                                                                                                                                                                            • Opcode ID: 74821c8c2abba51aaf4118dced586bfb6dc465660fb20aeecc3ff4e28aa345c8
                                                                                                                                                                                                                                            • Instruction ID: 8760f074736fedf5d5857c1ad6094052a37df3b933671ecf4cc80c1e6c4ea1e6
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 74821c8c2abba51aaf4118dced586bfb6dc465660fb20aeecc3ff4e28aa345c8
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C7E04F3550072CBFCF222F64ED08E9E7E26FF44B52F044021FD09A6165CB318D65AB91
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • SetUnhandledExceptionFilter.KERNEL32(Function_0000FA00), ref: 0084F8E2
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1694812963.0000000000841000.00000020.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 3192549508-0
                                                                                                                                                                                                                                            • Opcode ID: 2ecaaf4213f38b23fd2303395328f7d5c717579ec6d86c1280d0fc5dab310294
                                                                                                                                                                                                                                            • Instruction ID: c5549a232b3d3d19bbcffcf978646a5bac1bf435189a3ef830ae133f2eb25dd9
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2ecaaf4213f38b23fd2303395328f7d5c717579ec6d86c1280d0fc5dab310294
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash:
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1694812963.0000000000841000.00000020.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: HeapProcess
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 54951025-0
                                                                                                                                                                                                                                            • Opcode ID: 38a33a36a66b76f5b95c0fff87ca229c0ca4851074e8b896b4d541ba4c28e78a
                                                                                                                                                                                                                                            • Instruction ID: 513542a1aa3967ce410b320a05a69ed4583298517e68b376de5fb766038f1246
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 38a33a36a66b76f5b95c0fff87ca229c0ca4851074e8b896b4d541ba4c28e78a
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: FBA011302003028BA3008F32AA0C2083AA8BA80AC0B00C028A808C2028EA30C0A0AF08
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1694812963.0000000000841000.00000020.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_840000_Crosshair-X.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: __freea$__alloca_probe_16$Info
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 127012223-0
                                                                                                                                                                                                                                            • Opcode ID: 9e90af216ea03829b75e3c5b610120fb989df9efffd49569696334b6ecff83b7
                                                                                                                                                                                                                                            • Instruction ID: 8e0b55463e6248a38277106ee54ee0b0350ba9ebb4e56873f02078d3a519e7b1
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9e90af216ea03829b75e3c5b610120fb989df9efffd49569696334b6ecff83b7
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F571D5729002095BDF299E588C82FAF77AAFF45311F2A0459E904F7292E735DC408F62
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000001,00000001,?), ref: 0084FE70
                                                                                                                                                                                                                                            • __alloca_probe_16.LIBCMT ref: 0084FE9C
                                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000001,00000001,?,00000000,00000000), ref: 0084FEDB
                                                                                                                                                                                                                                            • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0084FEF8
                                                                                                                                                                                                                                            • LCMapStringEx.KERNEL32(?,?,00000000,00000000,?,?,00000000,00000000,00000000), ref: 0084FF37
                                                                                                                                                                                                                                            • __alloca_probe_16.LIBCMT ref: 0084FF54
                                                                                                                                                                                                                                            • LCMapStringEx.KERNEL32(?,?,00000000,00000001,00000000,00000000,00000000,00000000,00000000), ref: 0084FF96
                                                                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 0084FFB9
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1694812963.0000000000841000.00000020.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_840000_Crosshair-X.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: ByteCharMultiStringWide$__alloca_probe_16
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 2040435927-0
                                                                                                                                                                                                                                            • Opcode ID: dabbc6a59a75c8ff5a77da1d0a5d5dbe0431109648e13674a2186b9f558bc5b7
                                                                                                                                                                                                                                            • Instruction ID: 7565c1599bb706a61ffa3fb40e5cce57130087cbc98db01700f48b60f0a0a794
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: dabbc6a59a75c8ff5a77da1d0a5d5dbe0431109648e13674a2186b9f558bc5b7
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3051AC7260061EAFEB204F64CC45FAA7AA9FF41754F14443AFA15DA192EF31DC148B50
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1694812963.0000000000841000.00000020.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_840000_Crosshair-X.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: _strrchr
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 3213747228-0
                                                                                                                                                                                                                                            • Opcode ID: a643fc62b7b2457b9ae550856610bcc28d146668833daaf95fb6042a2f580310
                                                                                                                                                                                                                                            • Instruction ID: ffd80e9ee20b2a9fb9c11de681e34130eb2cfed883c18e532ea14b5d668ce91b
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a643fc62b7b2457b9ae550856610bcc28d146668833daaf95fb6042a2f580310
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: CCB15672A006559FDB168F28CC81BAE7BA6FF15311F1841A5EE44EB283D7709909C7A1
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • _ValidateLocalCookies.LIBCMT ref: 00850D77
                                                                                                                                                                                                                                            • ___except_validate_context_record.LIBVCRUNTIME ref: 00850D7F
                                                                                                                                                                                                                                            • _ValidateLocalCookies.LIBCMT ref: 00850E08
                                                                                                                                                                                                                                            • __IsNonwritableInCurrentImage.LIBCMT ref: 00850E33
                                                                                                                                                                                                                                            • _ValidateLocalCookies.LIBCMT ref: 00850E88
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1694812963.0000000000841000.00000020.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_840000_Crosshair-X.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                                                                                                            • String ID: csm
                                                                                                                                                                                                                                            • API String ID: 1170836740-1018135373
                                                                                                                                                                                                                                            • Opcode ID: 791a455f46ffc0619c52e3fba15eb0bc644bad4a494859e180efee6b93635e0a
                                                                                                                                                                                                                                            • Instruction ID: 8394991d1e9810481efe7d32f85de05158384173395e63eef8bd0a6c7777d804
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 791a455f46ffc0619c52e3fba15eb0bc644bad4a494859e180efee6b93635e0a
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0741BF34A0021C9BCB11DF68C886A9EBBB5FF44326F248555ED18EB352D731EA19CF91
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetModuleHandleW.KERNEL32(kernel32.dll), ref: 00850086
                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetSystemTimePreciseAsFileTime), ref: 00850094
                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetTempPath2W), ref: 008500A5
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1694812963.0000000000841000.00000020.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1694797495.0000000000840000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1694841420.000000000086D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1694859445.000000000087A000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1695774169.000000000087B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1695796698.000000000087F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1695815500.0000000000882000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1695853931.00000000008CF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_840000_Crosshair-X.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: AddressProc$HandleModule
                                                                                                                                                                                                                                            • String ID: GetSystemTimePreciseAsFileTime$GetTempPath2W$kernel32.dll
                                                                                                                                                                                                                                            • API String ID: 667068680-1047828073
                                                                                                                                                                                                                                            • Opcode ID: 8ddf476b87f744c9096d092ba4cb82525907381bb3fe4a6ebaaaf14de3b064c7
                                                                                                                                                                                                                                            • Instruction ID: a1151405b8d3bba0d8d623cb5f3ba1806b8b4f433c149dc9397c29aba437d173
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8ddf476b87f744c9096d092ba4cb82525907381bb3fe4a6ebaaaf14de3b064c7
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F6D05E31901610AB83116F747C0C8893EA8FB493003018056F41CE236CEFB4C6808A56
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: 978ae2eabcf3958217125d5ac2b2807efc0e6b45f63a8c6196a7a26329c5f528
                                                                                                                                                                                                                                            • Instruction ID: ec8b566f03af00234c07599887eecc08124a5f8de394b3053bf1926a9c5f8169
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 978ae2eabcf3958217125d5ac2b2807efc0e6b45f63a8c6196a7a26329c5f528
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 84B11370A08B49AFDB11CFACD895BAEBBB0FF56304F154158E904EB382C7719941CBA1
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • std::_Throw_Cpp_error.LIBCPMT ref: 00849C97
                                                                                                                                                                                                                                            • std::_Throw_Cpp_error.LIBCPMT ref: 00849CA8
                                                                                                                                                                                                                                            • std::_Throw_Cpp_error.LIBCPMT ref: 00849CBC
                                                                                                                                                                                                                                            • std::_Throw_Cpp_error.LIBCPMT ref: 00849CDD
                                                                                                                                                                                                                                            • std::_Throw_Cpp_error.LIBCPMT ref: 00849CEE
                                                                                                                                                                                                                                            • std::_Throw_Cpp_error.LIBCPMT ref: 00849D06
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Cpp_errorThrow_std::_
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 2134207285-0
                                                                                                                                                                                                                                            • Opcode ID: 0d79655c0c9ff423635665d9957c9813654c8d18fd9e9771b03296f9cc85d337
                                                                                                                                                                                                                                            • Instruction ID: 87084ab2bfdff2e1d399b236652676e21c036c9dabf72edbbc2a99c9cad2f039
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0d79655c0c9ff423635665d9957c9813654c8d18fd9e9771b03296f9cc85d337
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B441D3B1900748CBDB309F6989417ABBBF4FF45324F18062DD5BAA62D1D770A504CB93
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,0085ACDE,00850760,0084B77F,1D994CD9,?,?,?,?,0086BFCA,000000FF), ref: 0085ACF5
                                                                                                                                                                                                                                            • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 0085AD03
                                                                                                                                                                                                                                            • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 0085AD1C
                                                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000,?,0085ACDE,00850760,0084B77F,1D994CD9,?,?,?,?,0086BFCA,000000FF), ref: 0085AD6E
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: ErrorLastValue___vcrt_
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 3852720340-0
                                                                                                                                                                                                                                            • Opcode ID: a43ef8e444d5dc5c14abb8a769aaf16e0d13f092558d365588f458eb6200bc59
                                                                                                                                                                                                                                            • Instruction ID: 6a94944a78c72d0ae4d9be77d329c3c9a7b13f5b52f7c72d804d4ba6a1d2f690
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a43ef8e444d5dc5c14abb8a769aaf16e0d13f092558d365588f458eb6200bc59
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 40016D322096199DA72836787CC9A262E99FF00B77724033AFE24C21F0FF118C475142
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • type_info::operator==.LIBVCRUNTIME ref: 0085B68D
                                                                                                                                                                                                                                            • CallUnexpected.LIBVCRUNTIME ref: 0085B906
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: CallUnexpectedtype_info::operator==
                                                                                                                                                                                                                                            • String ID: csm$csm$csm
                                                                                                                                                                                                                                            • API String ID: 2673424686-393685449
                                                                                                                                                                                                                                            • Opcode ID: ac557b962efd06785cb3680fe4ecb552032769fddbd842ba8e08d54f3d11084c
                                                                                                                                                                                                                                            • Instruction ID: 4f11c0ed463ec0917201e8b132d15928015408b1479def2b393cc6b5e1035965
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ac557b962efd06785cb3680fe4ecb552032769fddbd842ba8e08d54f3d11084c
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C0B16F75800209EFCF19DFA8C8819AEBBB5FF24312F144569EC11AB212D731D959DF92
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • std::_Ref_count_base::_Decref.LIBCPMT ref: 0084BF44
                                                                                                                                                                                                                                            • std::_Ref_count_base::_Decref.LIBCPMT ref: 0084C028
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1694812963.0000000000841000.00000020.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: DecrefRef_count_base::_std::_
                                                                                                                                                                                                                                            • String ID: MOC$RCC$csm
                                                                                                                                                                                                                                            • API String ID: 1456557076-2671469338
                                                                                                                                                                                                                                            • Opcode ID: 3bc8cf35d10f5a9cb4d9035f5866d5f8b574bfc119402af4b0753277c82b0f77
                                                                                                                                                                                                                                            • Instruction ID: 2364f2b7f6480c62394ea54379989a67db7c0755fdc40f06a14248d2f602f8ef
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3bc8cf35d10f5a9cb4d9035f5866d5f8b574bfc119402af4b0753277c82b0f77
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: EF41C934901208DFCF28DF68C9419AEB7B9FF58300B5880ADE449E7642CB34EA08CB52
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,1D994CD9,?,?,00000000,0086BE94,000000FF,?,00855685,00000002,?,00855721,00858396), ref: 008555F9
                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 0085560B
                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,?,?,00000000,0086BE94,000000FF,?,00855685,00000002,?,00855721,00858396), ref: 0085562D
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1694812963.0000000000841000.00000020.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                                            • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                                            • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                                            • Opcode ID: 53d2289de237f6142a500a2b1413ccfc2e9cc84a31f5377a07263111a7faafe2
                                                                                                                                                                                                                                            • Instruction ID: 1882ae83fdef3183f2442d3d42dc118c16f96c0c2a909b7cc11b6dd07e45e09e
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 53d2289de237f6142a500a2b1413ccfc2e9cc84a31f5377a07263111a7faafe2
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C701DB31A00A55AFDB128F44CC09BAEB7F8FB44715F004525F825E2294EB78D944CA50
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • __alloca_probe_16.LIBCMT ref: 0085D76F
                                                                                                                                                                                                                                            • __alloca_probe_16.LIBCMT ref: 0085D838
                                                                                                                                                                                                                                            • __freea.LIBCMT ref: 0085D89F
                                                                                                                                                                                                                                              • Part of subcall function 0085BF11: RtlAllocateHeap.NTDLL(00000000,0085DF35,?,?,0085DF35,00000220,?,00000000,?), ref: 0085BF43
                                                                                                                                                                                                                                            • __freea.LIBCMT ref: 0085D8B2
                                                                                                                                                                                                                                            • __freea.LIBCMT ref: 0085D8BF
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1694812963.0000000000841000.00000020.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: __freea$__alloca_probe_16$AllocateHeap
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 1423051803-0
                                                                                                                                                                                                                                            • Opcode ID: 9bdda93d43c219a9bca942ca8d2e0b984dfb3a6a7b1a238a1e5567bdc80f35eb
                                                                                                                                                                                                                                            • Instruction ID: 60fdd974f5626eca6d07cc6dca985bdd0e7f262065b3bb555b4f858f3e9a90a0
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9bdda93d43c219a9bca942ca8d2e0b984dfb3a6a7b1a238a1e5567bdc80f35eb
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0151927260030AAFFB319F64CC81EBB7AA9FF44752B150939FD04DA251EB70DC5896A1
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 0084F005
                                                                                                                                                                                                                                            • AcquireSRWLockExclusive.KERNEL32(00848E38), ref: 0084F024
                                                                                                                                                                                                                                            • AcquireSRWLockExclusive.KERNEL32(00848E38,0084A2F0,?), ref: 0084F052
                                                                                                                                                                                                                                            • TryAcquireSRWLockExclusive.KERNEL32(00848E38,0084A2F0,?), ref: 0084F0AD
                                                                                                                                                                                                                                            • TryAcquireSRWLockExclusive.KERNEL32(00848E38,0084A2F0,?), ref: 0084F0C4
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1694812963.0000000000841000.00000020.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: AcquireExclusiveLock$CurrentThread
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 66001078-0
                                                                                                                                                                                                                                            • Opcode ID: 8e9c77e5f0ebecc6147192c2b0d2992ba5c5ba1df93278ebfdfbf0f0066d730a
                                                                                                                                                                                                                                            • Instruction ID: e9b8049a466507a30e907bdbf78ac5b654dc916a9e8260926d2c88c0cb71bcbc
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8e9c77e5f0ebecc6147192c2b0d2992ba5c5ba1df93278ebfdfbf0f0066d730a
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 93412271900A0EDFCB25CF65C4849AAB3B5FF88315B20492EE65AC7943E730E985CB52
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00843CA5
                                                                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00843CBF
                                                                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00843CE0
                                                                                                                                                                                                                                            • __Getctype.LIBCPMT ref: 00843D92
                                                                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00843DD8
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1694812963.0000000000841000.00000020.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
• Associated: 00000000.00000002.1694797495.0000000000840000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1694841420.000000000086D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1694859445.000000000087A000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1695774169.000000000087B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1695796698.000000000087F000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1695815500.0000000000882000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1695853931.00000000008CF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Lockitstd::_$Lockit::_Lockit::~_$Getctype
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 3087743877-0
                                                                                                                                                                                                                                            • Opcode ID: f334cd36094b196f7175ff1a93741d6232110c861549e6c5f5620d0820ed9903
                                                                                                                                                                                                                                            • Instruction ID: c943cce74b4f54a329b2b98dbbc9f708b1ade9b64d59f99c4568610334a73f93
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f334cd36094b196f7175ff1a93741d6232110c861549e6c5f5620d0820ed9903
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 57414A71E002188FCB14DF98D845BAEBBB1FF58720F148119D829AB395DB35AE45CF91
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 0084D4C9
                                                                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 0084D4D3
                                                                                                                                                                                                                                            • int.LIBCPMT ref: 0084D4EA
                                                                                                                                                                                                                                              • Part of subcall function 0084C1E5: std::_Lockit::_Lockit.LIBCPMT ref: 0084C1F6
                                                                                                                                                                                                                                              • Part of subcall function 0084C1E5: std::_Lockit::~_Lockit.LIBCPMT ref: 0084C210
                                                                                                                                                                                                                                            • codecvt.LIBCPMT ref: 0084D50D
                                                                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 0084D544
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1694812963.0000000000841000.00000020.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Lockitstd::_$Lockit::_Lockit::~_$H_prolog3codecvt
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 3716348337-0
                                                                                                                                                                                                                                            • Opcode ID: 64eed041b6678f7be20db7a6b629c49c0c0b89a0446227025d2ff5eba4b65917
                                                                                                                                                                                                                                            • Instruction ID: 6dcd7cbeeded4cbe060430c9a2e573b06801fc2d3a67eebf487b1fb5639a0f6e
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 64eed041b6678f7be20db7a6b629c49c0c0b89a0446227025d2ff5eba4b65917
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1901613190022D9BCB05EBA88915AAEBBB5FF84724F154419E915EB292DF749E40CB83
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 0084ADDE
                                                                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 0084ADE9
                                                                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 0084AE57
                                                                                                                                                                                                                                              • Part of subcall function 0084ACAA: std::locale::_Locimp::_Locimp.LIBCPMT ref: 0084ACC2
                                                                                                                                                                                                                                            • std::locale::_Setgloballocale.LIBCPMT ref: 0084AE04
                                                                                                                                                                                                                                            • _Yarn.LIBCPMT ref: 0084AE1A
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1694812963.0000000000841000.00000020.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Lockitstd::_std::locale::_$H_prolog3LocimpLocimp::_Lockit::_Lockit::~_SetgloballocaleYarn
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 1088826258-0
                                                                                                                                                                                                                                            • Opcode ID: af1da5c2393802aa48dee107a508669859d2fe62bc633dfcb5991d8e2e3ff2f8
                                                                                                                                                                                                                                            • Instruction ID: 4d77a58cc0cc8b593d488be1ecf17fcdbd701f6121778b848d04bed5ae6f7cdf
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: af1da5c2393802aa48dee107a508669859d2fe62bc633dfcb5991d8e2e3ff2f8
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8401D475A402249BCB0AEF28D85557D7B71FF84750B04401DE915DB382CF38AE82CB83
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • std::_Ref_count_base::_Decref.LIBCPMT ref: 0084B809
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1694812963.0000000000841000.00000020.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: DecrefRef_count_base::_std::_
                                                                                                                                                                                                                                            • String ID: MOC$RCC$csm
                                                                                                                                                                                                                                            • API String ID: 1456557076-2671469338
                                                                                                                                                                                                                                            • Opcode ID: f5c39e9f1fea5ba7eb4b1792c54c1a2ff34d25d5ef1f5812f1edf9f387d2e370
                                                                                                                                                                                                                                            • Instruction ID: 1db18e1a61b6c98d5ecb49640332d98d9b72544e5678fcb5c90000ea0dc95de3
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f5c39e9f1fea5ba7eb4b1792c54c1a2ff34d25d5ef1f5812f1edf9f387d2e370
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: DC21B03590060DDFCF289FA8C895B6AB7ACFF44761F14492EE451C7690DB34EA40CA82
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,008669DC,00000000,?,0087D2B0,?,?,?,00866913,00000004,InitializeCriticalSectionEx,00870D34,00870D3C), ref: 0086694D
                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,008669DC,00000000,?,0087D2B0,?,?,?,00866913,00000004,InitializeCriticalSectionEx,00870D34,00870D3C,00000000,?,0085BBBC), ref: 00866957
                                                                                                                                                                                                                                            • LoadLibraryExW.KERNEL32(00000000,00000000,00000000), ref: 0086697F
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1694812963.0000000000841000.00000020.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_840000_Crosshair-X.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: LibraryLoad$ErrorLast
                                                                                                                                                                                                                                            • String ID: api-ms-
                                                                                                                                                                                                                                            • API String ID: 3177248105-2084034818
                                                                                                                                                                                                                                            • Opcode ID: 02afe2d533ee4fa7faddf8aec972468e6d5592aeaa4f093cf3a91bd072520106
                                                                                                                                                                                                                                            • Instruction ID: da3ca9d5d2a55830cf8bbffd50ee032d48ccbc967be2c21ef5db7eb71d22aa1e
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 02afe2d533ee4fa7faddf8aec972468e6d5592aeaa4f093cf3a91bd072520106
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5FE0E570390A44BAEA211A64EC0AB693F55FF50B91F154824FD4DEC4A4FB72E8B09944
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetConsoleOutputCP.KERNEL32(1D994CD9,00000000,00000000,?), ref: 00864001
                                                                                                                                                                                                                                              • Part of subcall function 0085C021: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,0085D895,?,00000000,-00000008), ref: 0085C082
                                                                                                                                                                                                                                            • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00864253
                                                                                                                                                                                                                                            • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 00864299
                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 0086433C
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1694812963.0000000000841000.00000020.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_840000_Crosshair-X.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 2112829910-0
                                                                                                                                                                                                                                            • Opcode ID: 47289ad6588489dff89dbd4f0d101212faad68e1cd480eff0d0ce474df5acab1
                                                                                                                                                                                                                                            • Instruction ID: 9cd939f8b3447cc6f587688e5f68a7234fcd0d86aed0c0b5e4067fd5d5cbd08c
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 47289ad6588489dff89dbd4f0d101212faad68e1cd480eff0d0ce474df5acab1
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 23D178B5E002589FCF15CFE8C884AEDBBB5FF19314F29412AE926EB351D630A941CB50
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1694812963.0000000000841000.00000020.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_840000_Crosshair-X.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: AdjustPointer
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 1740715915-0
                                                                                                                                                                                                                                            • Opcode ID: 71a6074bc9a23fb22c2f9914bb8d89a4f9c9d33a1e78f09687c170740c592e66
                                                                                                                                                                                                                                            • Instruction ID: e2709393e3e890c916036cff81be2bc286203ab8343d6ffb8c001e31808b96f4
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 71a6074bc9a23fb22c2f9914bb8d89a4f9c9d33a1e78f09687c170740c592e66
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BF51B171A046069FDB259F54C882BAABBE4FF24716F14402DED06E7391E731ED88CB91
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 008472C5
                                                                                                                                                                                                                                            • std::_Throw_Cpp_error.LIBCPMT ref: 00847395
                                                                                                                                                                                                                                            • std::_Throw_Cpp_error.LIBCPMT ref: 008473A3
                                                                                                                                                                                                                                            • std::_Throw_Cpp_error.LIBCPMT ref: 008473B1
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1694812963.0000000000841000.00000020.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_840000_Crosshair-X.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Cpp_errorThrow_std::_$CurrentThread
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 2261580123-0
                                                                                                                                                                                                                                            • Opcode ID: 1da31b49a23766ba4e8d480f4596810a08be05ee4b4c766d2954ff21f62adefe
                                                                                                                                                                                                                                            • Instruction ID: 8f1639ea4c584642e8fe0a2905d0b0beeca53f7705142dcff3c9a3b1bb4aef27
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1da31b49a23766ba4e8d480f4596810a08be05ee4b4c766d2954ff21f62adefe
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8241E4B190470D8BDB20DF68C841B6AB7A8FF44324F544639D856D7791EB30E814CB92
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00844495
                                                                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 008444B2
                                                                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 008444D3
                                                                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00844580
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1694812963.0000000000841000.00000020.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_840000_Crosshair-X.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Lockitstd::_$Lockit::_Lockit::~_
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 593203224-0
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                              • Part of subcall function 0085C021: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,0085D895,?,00000000,-00000008), ref: 0085C082
                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00861E2A
                                                                                                                                                                                                                                            • __dosmaperr.LIBCMT ref: 00861E31
                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00861E6B
                                                                                                                                                                                                                                            • __dosmaperr.LIBCMT ref: 00861E72
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1694812963.0000000000841000.00000020.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: ErrorLast__dosmaperr$ByteCharMultiWide
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 1913693674-0
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1694812963.0000000000841000.00000020.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetEnvironmentStringsW.KERNEL32 ref: 008631C6
                                                                                                                                                                                                                                              • Part of subcall function 0085C021: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,0085D895,?,00000000,-00000008), ref: 0085C082
                                                                                                                                                                                                                                            • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 008631FE
                                                                                                                                                                                                                                            • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0086321E
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1694812963.0000000000841000.00000020.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: EnvironmentStrings$Free$ByteCharMultiWide
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 158306478-0
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 0084E899
                                                                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 0084E8A3
                                                                                                                                                                                                                                            • int.LIBCPMT ref: 0084E8BA
                                                                                                                                                                                                                                              • Part of subcall function 0084C1E5: std::_Lockit::_Lockit.LIBCPMT ref: 0084C1F6
                                                                                                                                                                                                                                              • Part of subcall function 0084C1E5: std::_Lockit::~_Lockit.LIBCPMT ref: 0084C210
                                                                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 0084E914
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1694812963.0000000000841000.00000020.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Lockitstd::_$Lockit::_Lockit::~_$H_prolog3
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 1383202999-0
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • WriteConsoleW.KERNEL32(00000000,?,00000000,00000000,00000000,?,0086A2EF,00000000,00000001,00000000,?,?,00864390,?,00000000,00000000), ref: 0086ADB7
                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,0086A2EF,00000000,00000001,00000000,?,?,00864390,?,00000000,00000000,?,?,?,00863CD6,00000000), ref: 0086ADC3
                                                                                                                                                                                                                                              • Part of subcall function 0086AE20: CloseHandle.KERNEL32(FFFFFFFE,0086ADD3,?,0086A2EF,00000000,00000001,00000000,?,?,00864390,?,00000000,00000000,?,?), ref: 0086AE30
                                                                                                                                                                                                                                            • ___initconout.LIBCMT ref: 0086ADD3
                                                                                                                                                                                                                                              • Part of subcall function 0086ADF5: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,0086AD91,0086A2DC,?,?,00864390,?,00000000,00000000,?), ref: 0086AE08
                                                                                                                                                                                                                                            • WriteConsoleW.KERNEL32(00000000,?,00000000,00000000,?,0086A2EF,00000000,00000001,00000000,?,?,00864390,?,00000000,00000000,?), ref: 0086ADE8
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1694812963.0000000000841000.00000020.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1694797495.0000000000840000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1694841420.000000000086D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1694859445.000000000087A000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1695774169.000000000087B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1695796698.000000000087F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1695815500.0000000000882000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1695853931.00000000008CF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_840000_Crosshair-X.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 2744216297-0
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetSystemTimeAsFileTime.KERNEL32(?), ref: 00850507
                                                                                                                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 00850516
                                                                                                                                                                                                                                            • GetCurrentProcessId.KERNEL32 ref: 0085051F
                                                                                                                                                                                                                                            • QueryPerformanceCounter.KERNEL32(?), ref: 0085052C
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1694812963.0000000000841000.00000020.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1694797495.0000000000840000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1694841420.000000000086D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1694859445.000000000087A000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1695774169.000000000087B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1695796698.000000000087F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1695815500.0000000000882000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1695853931.00000000008CF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_840000_Crosshair-X.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 2933794660-0
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                              • Part of subcall function 0085C16A: GetLastError.KERNEL32(?,?,00855495,00878E38,0000000C), ref: 0085C16E
                                                                                                                                                                                                                                              • Part of subcall function 0085C16A: SetLastError.KERNEL32(00000000), ref: 0085C210
                                                                                                                                                                                                                                            • GetACP.KERNEL32(-00000002,00000000,?,00000000,00000000,?,00855BD5,?,?,?,00000055,?,-00000050,?,?,?), ref: 00860A35
                                                                                                                                                                                                                                            • IsValidCodePage.KERNEL32(00000000,-00000002,00000000,?,00000000,00000000,?,00855BD5,?,?,?,00000055,?,-00000050,?,?), ref: 00860A6C
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1694812963.0000000000841000.00000020.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1694797495.0000000000840000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1694841420.000000000086D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1694859445.000000000087A000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1695774169.000000000087B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1695796698.000000000087F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1695815500.0000000000882000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1695853931.00000000008CF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_840000_Crosshair-X.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: ErrorLast$CodePageValid
                                                                                                                                                                                                                                            • String ID: utf8
                                                                                                                                                                                                                                            • API String ID: 943130320-905460609
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • Concurrency::details::_Release_chore.LIBCPMT ref: 00847526
                                                                                                                                                                                                                                            • ___std_exception_copy.LIBVCRUNTIME ref: 00847561
                                                                                                                                                                                                                                              • Part of subcall function 0084AF37: CreateThreadpoolWork.KERNEL32(0084B060,00848A2A,00000000), ref: 0084AF46
                                                                                                                                                                                                                                              • Part of subcall function 0084AF37: Concurrency::details::_Reschedule_chore.LIBCPMT ref: 0084AF53
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1694812963.0000000000841000.00000020.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1694797495.0000000000840000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1694841420.000000000086D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1694859445.000000000087A000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1695774169.000000000087B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1695796698.000000000087F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1695815500.0000000000882000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1695853931.00000000008CF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_840000_Crosshair-X.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Concurrency::details::_$CreateRelease_choreReschedule_choreThreadpoolWork___std_exception_copy
                                                                                                                                                                                                                                            • String ID: Fail to schedule the chore!
                                                                                                                                                                                                                                            • API String ID: 3683891980-3313369819
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • EncodePointer.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,?,0085B893,?,?,00000000,00000000,00000000,?), ref: 0085B9B7
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1694812963.0000000000841000.00000020.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
• Associated: 00000000.00000002.1694797495.0000000000840000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1694841420.000000000086D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1694859445.000000000087A000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1695774169.000000000087B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1695796698.000000000087F000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1695815500.0000000000882000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1695853931.00000000008CF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_840000_Crosshair-X.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: EncodePointer
                                                                                                                                                                                                                                            • String ID: MOC$RCC
                                                                                                                                                                                                                                            • API String ID: 2118026453-2084237596
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00843EC6
                                                                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00844002
                                                                                                                                                                                                                                              • Part of subcall function 0084ABC5: _Yarn.LIBCPMT ref: 0084ABE5
                                                                                                                                                                                                                                              • Part of subcall function 0084ABC5: _Yarn.LIBCPMT ref: 0084AC09
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: LockitYarnstd::_$Lockit::_Lockit::~_
                                                                                                                                                                                                                                            • String ID: bad locale name
                                                                                                                                                                                                                                            • API String ID: 2070049627-1405518554
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • ___except_validate_context_record.LIBVCRUNTIME ref: 0085B475
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: ___except_validate_context_record
                                                                                                                                                                                                                                            • String ID: csm$csm
                                                                                                                                                                                                                                            • API String ID: 3493665558-3733052814
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • __alloca_probe_16.LIBCMT ref: 0084B8B9
                                                                                                                                                                                                                                            • RaiseException.KERNEL32(?,?,?,?,?), ref: 0084B8DE
                                                                                                                                                                                                                                              • Part of subcall function 0085060C: RaiseException.KERNEL32(E06D7363,00000001,00000003,0084F354,02BB37B8,?,?,?,0084F354,00843D4A,0087759C,00843D4A), ref: 0085066D
                                                                                                                                                                                                                                              • Part of subcall function 00858353: IsProcessorFeaturePresent.KERNEL32(00000017,0085C224), ref: 0085836F
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: ExceptionRaise$FeaturePresentProcessor__alloca_probe_16
                                                                                                                                                                                                                                            • String ID: csm
                                                                                                                                                                                                                                            • API String ID: 1924019822-1018135373
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • ___std_exception_copy.LIBVCRUNTIME ref: 00842673
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: ___std_exception_copy
                                                                                                                                                                                                                                            • String ID: bad array new length$ios_base::badbit set
                                                                                                                                                                                                                                            • API String ID: 2659868963-1158432155
                                                                                                                                                                                                                                            • Opcode ID: ccf713c7908f342ed5ec2234810fb6c2d6ba4cb7c87254e40090bc4cb9e5dfdc
                                                                                                                                                                                                                                            • Instruction ID: 3a43a748f3257e0e3005032640890d31111127463681b1a3bd406ef20a3bd189
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ccf713c7908f342ed5ec2234810fb6c2d6ba4cb7c87254e40090bc4cb9e5dfdc
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B2019EF1604304ABDB049F28D855A1A7BE4FB18318F11881CF559CB301D375E808CB82
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                              • Part of subcall function 0085060C: RaiseException.KERNEL32(E06D7363,00000001,00000003,0084F354,02BB37B8,?,?,?,0084F354,00843D4A,0087759C,00843D4A), ref: 0085066D
                                                                                                                                                                                                                                            • ___std_exception_copy.LIBVCRUNTIME ref: 00842673
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1694812963.0000000000841000.00000020.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1694797495.0000000000840000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1694841420.000000000086D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1694859445.000000000087A000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1695774169.000000000087B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1695796698.000000000087F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1695815500.0000000000882000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1695853931.00000000008CF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_840000_Crosshair-X.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: ExceptionRaise___std_exception_copy
                                                                                                                                                                                                                                            • String ID: bad array new length$ios_base::badbit set
                                                                                                                                                                                                                                            • API String ID: 3109751735-1158432155
                                                                                                                                                                                                                                            • Opcode ID: 5184c4caf2ad40d7666167fc9f98797256676602d4bca5216ecbaf66da611765
                                                                                                                                                                                                                                            • Instruction ID: 4f54ca43b7d51de82d174464fec8d91e38ac6bf0e3ae3c626541bca1613f010f
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5184c4caf2ad40d7666167fc9f98797256676602d4bca5216ecbaf66da611765
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 14F0D4F1A14300ABD700AF58D849747BAE4FB59719F12881CFA98DB300D3B5D458CB92

                                                                                                                                                                                                                                            Execution Graph

                                                                                                                                                                                                                                            Execution Coverage:1.4%
                                                                                                                                                                                                                                            Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                            Signature Coverage:9.4%
                                                                                                                                                                                                                                            Total number of Nodes:53
                                                                                                                                                                                                                                            Total number of Limit Nodes:6

                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetCurrentProcessId.KERNEL32 ref: 004086A4
                                                                                                                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 004086AE
                                                                                                                                                                                                                                            • SHGetSpecialFolderPathW.SHELL32(00000000,?,00000010,00000000), ref: 00408801
                                                                                                                                                                                                                                            • GetForegroundWindow.USER32 ref: 00408930
                                                                                                                                                                                                                                              • Part of subcall function 0040C840: CoInitializeEx.COMBASE(00000000,00000002), ref: 0040C853
                                                                                                                                                                                                                                              • Part of subcall function 0040B500: FreeLibrary.KERNEL32(00408A73), ref: 0040B506
                                                                                                                                                                                                                                              • Part of subcall function 0040B500: FreeLibrary.KERNEL32 ref: 0040B527
                                                                                                                                                                                                                                            • ExitProcess.KERNEL32 ref: 00408A8C
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1782088667.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_Crosshair-X.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: CurrentFreeLibraryProcess$ExitFolderForegroundInitializePathSpecialThreadWindow
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 3072701918-0
                                                                                                                                                                                                                                            • Opcode ID: dacdd09466a324c1bf5524c4d89d99e6785de18e134b5e647da144b5f1cecb64
                                                                                                                                                                                                                                            • Instruction ID: eabe80a0988320ad0fe8d5dff74cf57d9a85e1bf4da21146afe843ea261adb29
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: dacdd09466a324c1bf5524c4d89d99e6785de18e134b5e647da144b5f1cecb64
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9FA12673E487144BD318AF69CC5235BF6D6ABC4714F0BC53EA889E7395EEB88C018685

                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1782088667.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_Crosshair-X.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID: f?d$"j!h$8r<p$:n=l$n&G$
                                                                                                                                                                                                                                            • API String ID: 0-4152412813
                                                                                                                                                                                                                                            • Opcode ID: 2ac745100180af5c69f0f813abfbf65c9568c07f9aaa2a30594b6bdae996c659
                                                                                                                                                                                                                                            • Instruction ID: f39bb9ca2a08d60f92e0ff944048c6f981221b2073873a5d09da46bf52393ac3
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2ac745100180af5c69f0f813abfbf65c9568c07f9aaa2a30594b6bdae996c659
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D6F1CBB5200B02CFD324CF25D881B56BBB2FB4A310F19867DD55A8B6A2D334E855CF99

                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                            control_flow_graph 149 43dd60-43dd92 LdrInitializeThunk
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • LdrInitializeThunk.NTDLL(004414A0,?,00000018,?,?,00000018,?,?,?), ref: 0043DD8E
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1782088667.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_Crosshair-X.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 2994545307-0

                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1782088667.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID: |&E
                                                                                                                                                                                                                                            • API String ID: 0-1740799517

                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetForegroundWindow.USER32 ref: 0043E665
                                                                                                                                                                                                                                            • GetForegroundWindow.USER32 ref: 0043E680
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1782088667.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: ForegroundWindow
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 2020703349-0

                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetUserDefaultUILanguage.KERNELBASE ref: 00436132
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1782088667.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: DefaultLanguageUser
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 95929093-0

                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • RtlReAllocateHeap.NTDLL(?,00000000), ref: 0043DD2A
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1782088667.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: AllocateHeap
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 1279760036-0

                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • CoInitializeEx.COMBASE(00000000,00000002), ref: 0040C853
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1782088667.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Initialize
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 2538663250-0

                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • CoInitializeSecurity.COMBASE(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 0040C88F
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1782088667.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: InitializeSecurity
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 640775948-0

                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • RtlFreeHeap.NTDLL(?,00000000,00000004,0043C300,?), ref: 0043C080
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1782088667.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_Crosshair-X.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: FreeHeap
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 3298025750-0

Control-flow Graph

control_flow_graph 150 43c04b-43c058 RtlAllocateHeap
APIs
• RtlAllocateHeap.NTDLL(?,00000000), ref: 0043C051
Memory Dump Source
• Source File: 00000002.00000002.1782088667.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_Crosshair-X.jbxd
Similarity
• API ID: AllocateHeap
• String ID:
• API String ID: 1279760036-0
APIs
Memory Dump Source
• Source File: 00000002.00000002.1782088667.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_Crosshair-X.jbxd
Similarity
• API ID: Uninitialize
• String ID:
• API String ID: 3861434553-0
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.1782088667.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_Crosshair-X.jbxd
Similarity
• API ID: AllocString
• String ID: $"$#$$$&$'$($*$,$.$0$2$4$6$8$8$:$<$>$?$A$B$H$J$L$M$P$P$Q$R$S$X$Z$\$^$_$`$r$w$y
• API String ID: 2525500382-810699627
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.1782088667.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_Crosshair-X.jbxd
Similarity
• API ID: AllocString
• String ID: $"$#$$$&$'$($*$,$.$0$2$4$6$8$8$:$<$>$?$A$B$H$J$L$M$P$P$Q$R$S$X$Z$\$^$_$`$r$w$y
• API String ID: 2525500382-810699627
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.1782088667.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_Crosshair-X.jbxd
Similarity
• API ID: MetricsSystem
• String ID: $&<C$*CC$:C$t<C$t<C$t<C$t<C$t<C$t<C$t<C$t<C$t<C$t<C$t<C$t<C$t<C$t<C$t<C$t<C$t<C$t<C$~DC$:C$=C$>C$CC
• API String ID: 4116985748-1632335654
APIs
• CoCreateInstance.OLE32(0044368C,00000000,00000001,0044367C,00000000), ref: 0043900A
• SysAllocString.OLEAUT32(58245A70), ref: 00439067
• CoSetProxyBlanket.OLE32(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 004390AD
• SysAllocString.OLEAUT32(61B167B9), ref: 00439110
• SysAllocString.OLEAUT32(61B167B9), ref: 004391BA
• VariantInit.OLEAUT32(D9D8DFD6), ref: 00439225
• VariantClear.OLEAUT32(?), ref: 004393A8
• SysFreeString.OLEAUT32(?), ref: 004393D0
• SysFreeString.OLEAUT32(?), ref: 004393D6
Strings
Memory Dump Source
• Source File: 00000002.00000002.1782088667.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_Crosshair-X.jbxd
Similarity
• API ID: String$Alloc$FreeVariant$BlanketClearCreateInitInstanceProxy
• String ID: :$Xrsp$YV$\$d7g1$e3`=
• API String ID: 3490847348-1510934275
APIs
• RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000000E,00000000,00000000,?), ref: 004237E8
• RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000000E,00000000,?,?), ref: 0042385A
Strings
Memory Dump Source
• Source File: 00000002.00000002.1782088667.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_Crosshair-X.jbxd
Similarity
• API ID: EnvironmentExpandStrings
                                                                                                                                                                                                                                            • String ID: ?Q<S$@A$J%O'$K)K+$S=S?$^1V3$MO$]_
                                                                                                                                                                                                                                            • API String ID: 237503144-211844116
                                                                                                                                                                                                                                            • Opcode ID: c87d522e612ed962fa4ecd8c277ad0997bc9d569ccee6c419b766c3c979297e1
                                                                                                                                                                                                                                            • Instruction ID: b761aa693eda798c55f79d3232c0833f2606dbd92c11650264d9da13dcfa462f
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c87d522e612ed962fa4ecd8c277ad0997bc9d569ccee6c419b766c3c979297e1
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 12C1FFB46083518FD310DF65E89126BBBF1EFC6315F448A2DE5D68B340DB788946CB86
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1782088667.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_Crosshair-X.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID: $$&$6-v<$CJGW$FGOH$SGWS$XDAA$dca$$gncs$%H
                                                                                                                                                                                                                                            • API String ID: 0-2567165219
                                                                                                                                                                                                                                            • Opcode ID: ebc0182c2b312a18733827621b348a28c7f14e54506b3cc48865db96795604bb
                                                                                                                                                                                                                                            • Instruction ID: ebe2843a33e16690389dfa48c484cc8a1ca90b1526a99ddc332eadeccd98d69c
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ebc0182c2b312a18733827621b348a28c7f14e54506b3cc48865db96795604bb
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8C524A7450C3908FC725DF25C8407AFBBE1AF86304F08866EE8E55B392D7399949CB96
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • RtlExpandEnvironmentStrings.NTDLL(00000000,?,00000009,00000000,00000000,?), ref: 004283D1
                                                                                                                                                                                                                                            • RtlExpandEnvironmentStrings.NTDLL(00000000,?,00000009,00000000,?,?), ref: 0042842F
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1782088667.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_Crosshair-X.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: EnvironmentExpandStrings
                                                                                                                                                                                                                                            • String ID: "#`$"#`$&@AF$@A$HI
                                                                                                                                                                                                                                            • API String ID: 237503144-3888265313
                                                                                                                                                                                                                                            • Opcode ID: 9cdf12974c0a9833ca7c344cd6375dbeaa15c7f9f6be0858825427d2b41fcbc3
                                                                                                                                                                                                                                            • Instruction ID: 38a4f7a1e83fc4c522501c2c4e651e4739e84585521ceade4aac20272e12b8f8
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9cdf12974c0a9833ca7c344cd6375dbeaa15c7f9f6be0858825427d2b41fcbc3
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 363200B16083518FD714DF68D85176FB7E1EF85304F04892EE9D58B382EB389906CB9A
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1782088667.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_Crosshair-X.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Clipboard$CloseDataOpen
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 2058664381-0
                                                                                                                                                                                                                                            • Opcode ID: 9717dd624323f6a0f409f6f8d250936eafbde0b3fe7887fb6ab28b9efa3a08ab
                                                                                                                                                                                                                                            • Instruction ID: eeaf64ca92df5765018a50bfd7b5975e2f88e63ffb0f80d8313722f2f437dc96
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9717dd624323f6a0f409f6f8d250936eafbde0b3fe7887fb6ab28b9efa3a08ab
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3741F3B08087829FD701AF78D44939EBFA0AF16315F04853ED8D987242D37D9A58C7A7
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetLocaleInfoW.KERNEL32(?,2000000B,?,00000002,00000000,?,?,?,008613BD,?,00000000), ref: 00861AA0
                                                                                                                                                                                                                                            • GetLocaleInfoW.KERNEL32(?,20001004,?,00000002,00000000,?,?,?,008613BD,?,00000000), ref: 00861AC9
                                                                                                                                                                                                                                            • GetACP.KERNEL32(?,?,008613BD,?,00000000), ref: 00861ADE
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1782153497.0000000000841000.00000020.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782140377.0000000000840000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782175566.000000000086D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782190382.000000000087A000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782203878.000000000087F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782216386.0000000000882000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782243324.00000000008CF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_840000_Crosshair-X.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: InfoLocale
                                                                                                                                                                                                                                            • String ID: ACP$OCP
                                                                                                                                                                                                                                            • API String ID: 2299586839-711371036
                                                                                                                                                                                                                                            • Opcode ID: 0d477d2624081a92ac096f61804047db67a930863875a500049795a168443f84
                                                                                                                                                                                                                                            • Instruction ID: f65857f251883a924d1387aced5cd338a663dd1892d36a066156d165a46315ab
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0d477d2624081a92ac096f61804047db67a930863875a500049795a168443f84
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6521B822B0212597DF35CFE4D908A9B72A7FB50B56B5F8464E909DB206F731DD40D350
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                              • Part of subcall function 00841240: _strlen.LIBCMT ref: 008412BA
                                                                                                                                                                                                                                            • GetFileSize.KERNEL32(00000000,00000000), ref: 00842046
                                                                                                                                                                                                                                            • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 0084206B
                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 0084207A
                                                                                                                                                                                                                                            • _strlen.LIBCMT ref: 008420CD
                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 008421FD
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1782153497.0000000000841000.00000020.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782140377.0000000000840000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782175566.000000000086D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782190382.000000000087A000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782203878.000000000087F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782216386.0000000000882000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782243324.00000000008CF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_840000_Crosshair-X.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: CloseFileHandle_strlen$ReadSize
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 1490117831-0
                                                                                                                                                                                                                                            • Opcode ID: 03b7b197ac273c93eb04ef37320a5d25f2859f8fb01aa37aae7fce060f18ff5a
                                                                                                                                                                                                                                            • Instruction ID: a4fc5ff9d234a93be40b4863e01e162a9465dcac43f0f6058a07f635875a0097
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 03b7b197ac273c93eb04ef37320a5d25f2859f8fb01aa37aae7fce060f18ff5a
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7671D2B2C006189BCB10DFA8DC487AEBBB5FF58314F140629F814E7391E775A945CBA1
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                              • Part of subcall function 0085C16A: GetLastError.KERNEL32(00000000,?,0085E58D), ref: 0085C16E
                                                                                                                                                                                                                                              • Part of subcall function 0085C16A: SetLastError.KERNEL32(00000000,?,?,00000028,00858363), ref: 0085C210
                                                                                                                                                                                                                                            • GetUserDefaultLCID.KERNEL32 ref: 0086138F
                                                                                                                                                                                                                                            • IsValidCodePage.KERNEL32(00000000), ref: 008613CD
                                                                                                                                                                                                                                            • IsValidLocale.KERNEL32(?,00000001), ref: 008613E0
                                                                                                                                                                                                                                            • GetLocaleInfoW.KERNEL32(?,00001001,?,00000040,?,?,00000055,00000000,?,?,00000055,00000000), ref: 00861428
                                                                                                                                                                                                                                            • GetLocaleInfoW.KERNEL32(?,00001002,?,00000040), ref: 00861443
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1782153497.0000000000841000.00000020.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782140377.0000000000840000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782175566.000000000086D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782190382.000000000087A000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782203878.000000000087F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782216386.0000000000882000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782243324.00000000008CF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_840000_Crosshair-X.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Locale$ErrorInfoLastValid$CodeDefaultPageUser
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 415426439-0
                                                                                                                                                                                                                                            • Opcode ID: 44d7b84be60647e269e843a30a9e78cde77c191d6bb1fe2181d13a3d0a6a86dd
                                                                                                                                                                                                                                            • Instruction ID: 442fd1963ee6f6ac18c7cd0f20fc7e4fa2cc5c158598249f0100f768cdeafd06
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 44d7b84be60647e269e843a30a9e78cde77c191d6bb1fe2181d13a3d0a6a86dd
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5A518071A00209AFDF10DFA5CD49EBE77B8FF04704F1A4465E905EB292EB74DA448B61
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1782088667.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_Crosshair-X.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID: ];_$"Q!S$-U)W$2A=C$3E5G$=Y([
                                                                                                                                                                                                                                            • API String ID: 0-1233860087
                                                                                                                                                                                                                                            • Opcode ID: 0779789e10b95b7f69b45071bbcfe072519a8d08cfbfb59a7e27c0a9082712ce
                                                                                                                                                                                                                                            • Instruction ID: 8418fbc14a2fb62faab45df73b212ad7049715b2656b99ae13f884027c8b20aa
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0779789e10b95b7f69b45071bbcfe072519a8d08cfbfb59a7e27c0a9082712ce
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F131CEB66183408BC7308F18C89269BB7F0FF96764F19891DE4D89B341E3789841CB56
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1782153497.0000000000841000.00000020.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782140377.0000000000840000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782175566.000000000086D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782190382.000000000087A000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782203878.000000000087F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782216386.0000000000882000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782243324.00000000008CF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_840000_Crosshair-X.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: 3bc9877c2baeb9d2eefe3dc346bd414728ba2a6b644d6a7f2363c8b83004931b
                                                                                                                                                                                                                                            • Instruction ID: 9434f1657a387772096ad8682b62515607f66e190fd8a50a5503cccef071801b
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3bc9877c2baeb9d2eefe3dc346bd414728ba2a6b644d6a7f2363c8b83004931b
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 73024C71E00619DBDF14CFA9C8806AEBBB1FF48315F24826AD919E7380D731A945CB91
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • IsProcessorFeaturePresent.KERNEL32(00000017,?), ref: 0084F8F5
                                                                                                                                                                                                                                            • IsDebuggerPresent.KERNEL32 ref: 0084F9C1
                                                                                                                                                                                                                                            • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 0084F9DA
                                                                                                                                                                                                                                            • UnhandledExceptionFilter.KERNEL32(?), ref: 0084F9E4
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1782153497.0000000000841000.00000020.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782140377.0000000000840000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782175566.000000000086D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782190382.000000000087A000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782203878.000000000087F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782216386.0000000000882000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782243324.00000000008CF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_840000_Crosshair-X.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 254469556-0
                                                                                                                                                                                                                                            • Opcode ID: 85134143be01593dc9063b9829cbd3131b99dd0c3ff03f099780f7ccd91d353a
                                                                                                                                                                                                                                            • Instruction ID: e93d1e7a9d948359ec88d9b8db3f821a8a1f08d62556f23c935ba55203227976
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 85134143be01593dc9063b9829cbd3131b99dd0c3ff03f099780f7ccd91d353a
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5E31E3B5D0121DAADF21DFA5D9497CDBBB8FF08300F1041AAE50DAB251EB719A848F45
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1782088667.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_Crosshair-X.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                                                                                                                            • String ID: 4$^Z $^Z I$p
                                                                                                                                                                                                                                            • API String ID: 2994545307-3414323742
                                                                                                                                                                                                                                            • Opcode ID: a17e6598951b1b07f8a3d7a2c4cabe0b32638e13571b7a5ea886e2d4ec53d10d
                                                                                                                                                                                                                                            • Instruction ID: 2e262dc2b98b9a6d440a53948d9e55cc81207c50161dc6622ab9f6b4936a7fa4
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a17e6598951b1b07f8a3d7a2c4cabe0b32638e13571b7a5ea886e2d4ec53d10d
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 153256755083409BE724CF28D850ABB7BE2EBEA300F1A847DE4C197356D734D949CB9A
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1782088667.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_Crosshair-X.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID: /,$KH$b
                                                                                                                                                                                                                                            • API String ID: 0-2155755540
                                                                                                                                                                                                                                            • Opcode ID: 9833fc8c0eca8366b76986b3924aad65a2340f45727e9712a310e1f8a09172d5
                                                                                                                                                                                                                                            • Instruction ID: 06014b54c36bcc2f5a6e376cde294541417629d67056aa239b76d1a095ffb95a
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9833fc8c0eca8366b76986b3924aad65a2340f45727e9712a310e1f8a09172d5
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 89A102B59083118BC324DF28C8916ABB7F1EFD1354F289A1DE8D58B381E738D945C79A
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1782088667.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_Crosshair-X.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID: !$OQJ>$RQJ>
                                                                                                                                                                                                                                            • API String ID: 0-3745743227
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID: D]+\$UNA
                                                                                                                                                                                                                                            • API String ID: 0-813271945
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID: ,q>s$HI
                                                                                                                                                                                                                                            • API String ID: 0-980453730
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID: -,#"$^&
                                                                                                                                                                                                                                            • API String ID: 0-105081621
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID: BWB$^I
                                                                                                                                                                                                                                            • API String ID: 0-2549777654
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                                                                                                                            • String ID: -,#"$t
                                                                                                                                                                                                                                            • API String ID: 2994545307-4244866344
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID: {_kE${_kE
                                                                                                                                                                                                                                            • API String ID: 0-2717772715
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID: {_kE${_kE
                                                                                                                                                                                                                                            • API String ID: 0-2717772715
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                                                                                                                            • String ID: -,#"$:YV
                                                                                                                                                                                                                                            • API String ID: 2994545307-3668490761
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID: LNua$N
                                                                                                                                                                                                                                            • API String ID: 0-1541665044
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1782088667.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_Crosshair-X.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID: 3B
                                                                                                                                                                                                                                            • API String ID: 0-2290667792
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1782088667.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_Crosshair-X.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID: ur
                                                                                                                                                                                                                                            • API String ID: 0-2912587612
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1782088667.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_Crosshair-X.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                                                                                                                            • String ID: nhi
                                                                                                                                                                                                                                            • API String ID: 2994545307-409182551
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1782088667.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_Crosshair-X.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                                                                                                                            • String ID: $' !
                                                                                                                                                                                                                                            • API String ID: 2994545307-3942351852
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1782088667.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_Crosshair-X.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID: "
                                                                                                                                                                                                                                            • API String ID: 0-123907689
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1782088667.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_Crosshair-X.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                                                                                                                            • String ID: yiP
                                                                                                                                                                                                                                            • API String ID: 2994545307-2938885043
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1782088667.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_Crosshair-X.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID: v
                                                                                                                                                                                                                                            • API String ID: 0-38809212
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1782088667.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_Crosshair-X.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID: 7[B
                                                                                                                                                                                                                                            • API String ID: 0-536383012
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1782088667.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_Crosshair-X.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID: UNA
                                                                                                                                                                                                                                            • API String ID: 0-4195821252
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1782088667.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_Crosshair-X.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID: ^&
                                                                                                                                                                                                                                            • API String ID: 0-3085756376
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1782088667.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_Crosshair-X.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID: t
                                                                                                                                                                                                                                            • API String ID: 0-2238339752
                                                                                                                                                                                                                                            • Opcode ID: 8a03b1ec058f6693e5b65694a2d8a0b4df41d7527cafbab5a75dc1862957c3c4
                                                                                                                                                                                                                                            • Instruction ID: 63e19db0f93a6dae8dfe54e53388dca3ed4eaeb3abcc72c9ba12e90d7f9c35e1
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8a03b1ec058f6693e5b65694a2d8a0b4df41d7527cafbab5a75dc1862957c3c4
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3EF02436B966208BCB00CF68C88854BF79197DF220F1EDB28CDA8A3292D135DC01C7C8
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1782088667.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_Crosshair-X.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: 6c9a8fc6b89ea236dbdb387b43ba291911e32f2680c21128f7e831be2c03d844
                                                                                                                                                                                                                                            • Instruction ID: 54daf3b579ebbd9c2a4c485f9b9f0cfc24f3438be34c7e90d28da51edff2fb07
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6c9a8fc6b89ea236dbdb387b43ba291911e32f2680c21128f7e831be2c03d844
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B7223539A58211CFDB04CF78E89026AB7E2FF8E315F0984BEC54693361D735A915CB45
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1782088667.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_Crosshair-X.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: 937a49a78ebe6b168f75700f4a926b9b8671c02ec73cf96d90de36a6035fbf6a
                                                                                                                                                                                                                                            • Instruction ID: 1c723d45031e0e5f2b9b358dbf3ef3a8914302c4682d4508a80e5e4c1951da74
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 937a49a78ebe6b168f75700f4a926b9b8671c02ec73cf96d90de36a6035fbf6a
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F612233AA58211CFDB04CF78E8D066AB7E2FB8E315F1984BDC54693361C735A826CB45
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1782088667.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_Crosshair-X.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: 39e15bf933866eaa341b681c485ccf4360e05fc4ee0e32aeaaf304759d2d656c
                                                                                                                                                                                                                                            • Instruction ID: c92edf3822012b181dadebb06f7edb043bbaa9d7c48d59259f3166036ecb0ce2
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 39e15bf933866eaa341b681c485ccf4360e05fc4ee0e32aeaaf304759d2d656c
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: CB22A272A087118BC725DF18D9806ABB3E1BFC4319F19893ED986A7385D738B8118B47
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1782088667.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_Crosshair-X.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: 6c980666c7bddf54fcbaaa1cb2f84cf301ae3e7cd17c971d11f26757430c2721
                                                                                                                                                                                                                                            • Instruction ID: 0f75eed81ac74744bca2bac3eb1a8791e799e4bb3c72ea2c237a37cd6386018b
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6c980666c7bddf54fcbaaa1cb2f84cf301ae3e7cd17c971d11f26757430c2721
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E612353AA58211CFD704CF78E8D026AB7E2FB8E315F1985BDC54693361C735A826CB45
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1782088667.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_Crosshair-X.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: 238084d3e0fad662479d891e59f613a82f78f79269ff8fb19cdaf09971159ce9
                                                                                                                                                                                                                                            • Instruction ID: 6a754d8a11583ac54e741eded095c1c474aeba31e1be645f0912a5aa444e5f33
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 238084d3e0fad662479d891e59f613a82f78f79269ff8fb19cdaf09971159ce9
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: FC02353AA58211CFDB04CF78E8D026AB7E2FB8E315F1985BDC54693361C735A826CB45
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1782088667.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_Crosshair-X.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 2994545307-0
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: 83b91613ff158a69e432da1d80dce04d2c5288efbcccb728770b7edd432d3a27
                                                                                                                                                                                                                                            • Instruction ID: 5b762966393eeb1bc0971079b6ad5409ecfaa4a6f1308e5f2f4f6a2c15d15fbe
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 83b91613ff158a69e432da1d80dce04d2c5288efbcccb728770b7edd432d3a27
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3D31FC7410C3D09BD7354F246855BBBBBF0AF93304F14996DC4C997293EA39844B8B6A
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1782088667.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_Crosshair-X.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: e044102361ce3c0fc5cf088071144cc83bc0068fc2d88a9d7a65daf08341b7c3
                                                                                                                                                                                                                                            • Instruction ID: 238b6f7397c2f693389e5af9bc4c72eef290b4da23fc4ac8245387494e53b8e9
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e044102361ce3c0fc5cf088071144cc83bc0068fc2d88a9d7a65daf08341b7c3
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: FD21D377F505258BDB24CF68CC817AF77F6AB8A200F1A8179D945FB349D6349C0187A4
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1782088667.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_Crosshair-X.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                                                                                                                                                                                            • Instruction ID: e6a8dc17c880850e49dd7e1e966283a5207de34a9f0a067377e85bee35f7d401
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 36115933A055D40EC3129D3C8440565BFA31AA7234F68939AF0F99B2D2C2268D8AA358
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1782088667.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_Crosshair-X.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: 57814f194fff62bd8a5d8ba9d633bff23d04ecfb4f06fea282807f61cd4543f2
                                                                                                                                                                                                                                            • Instruction ID: d2294d5950415ddc2e4667efe40a2cfd01bb94c476222eaec0709288821d6307
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 57814f194fff62bd8a5d8ba9d633bff23d04ecfb4f06fea282807f61cd4543f2
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4F01B5F1B0071147D720AE11A4D0B2BB2A86F85708F09053EDD4867342DB7EEC2882AA
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1782088667.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_Crosshair-X.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: a3392263a2fef94f1e7939ba329bd131c45995f9e6f47d9558bbdcacaaa272e9
                                                                                                                                                                                                                                            • Instruction ID: dda0d9bfc2e162cbf5eda5eae9bd46ae3be84b7a229878372f346e270daa3058
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a3392263a2fef94f1e7939ba329bd131c45995f9e6f47d9558bbdcacaaa272e9
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5AF0593B7192150BE310CD69EDC4A6FB366DBD6304B0A413EE940E3380C4B5E80582A8
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1782088667.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_Crosshair-X.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: afa107ba09682016c9b76acaf3258e1c4cc52b82e7effe948d11587081b75557
                                                                                                                                                                                                                                            • Instruction ID: 83f1021beb35e139e6bfc2a106445938dbd31eca8b46081d04e1f7767ff24d26
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: afa107ba09682016c9b76acaf3258e1c4cc52b82e7effe948d11587081b75557
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D1B092A9C0282086E2113F113E125AFB0244913308F07243AE84A32243AA2AE21E40AF
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1782088667.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_Crosshair-X.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: b82cf270e24139fb2dbbb044742abb91ec97ae5af65658d3ec5f6a1ce25279dc
                                                                                                                                                                                                                                            • Instruction ID: a7b8390af064a98c08a839ecacb7d952fd914323f07ae51c8131dd1cf4d90b35
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b82cf270e24139fb2dbbb044742abb91ec97ae5af65658d3ec5f6a1ce25279dc
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 70B01274E0819043C200EF145591077B1344647208F157874D45CB7202DA35EC0582DD
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.1782088667.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_Crosshair-X.jbxd
Similarity
• API ID: InitVariant
• String ID: a$c$e$g$i$k$m$n$o$y${$}
• API String ID: 1927566239-2118003515
APIs
Memory Dump Source
• Source File: 00000002.00000002.1782153497.0000000000841000.00000020.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
• Associated: 00000002.00000002.1782140377.0000000000840000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1782175566.000000000086D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1782190382.000000000087A000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1782203878.000000000087F000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1782216386.0000000000882000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1782243324.00000000008CF000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_840000_Crosshair-X.jbxd
Similarity
• API ID: __freea$__alloca_probe_16$Info
• String ID:
• API String ID: 127012223-0
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000001,00000001,?), ref: 0084FE70
                                                                                                                                                                                                                                            • __alloca_probe_16.LIBCMT ref: 0084FE9C
                                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000001,00000001,?,00000000,00000000), ref: 0084FEDB
                                                                                                                                                                                                                                            • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0084FEF8
                                                                                                                                                                                                                                            • LCMapStringEx.KERNEL32(?,?,00000000,00000000,?,?,00000000,00000000,00000000), ref: 0084FF37
                                                                                                                                                                                                                                            • __alloca_probe_16.LIBCMT ref: 0084FF54
                                                                                                                                                                                                                                            • LCMapStringEx.KERNEL32(?,?,00000000,00000001,00000000,00000000,00000000,00000000,00000000), ref: 0084FF96
                                                                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 0084FFB9
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1782153497.0000000000841000.00000020.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782140377.0000000000840000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782175566.000000000086D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782190382.000000000087A000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782203878.000000000087F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782216386.0000000000882000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782243324.00000000008CF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_840000_Crosshair-X.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: ByteCharMultiStringWide$__alloca_probe_16
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 2040435927-0
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1782153497.0000000000841000.00000020.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782140377.0000000000840000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782175566.000000000086D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782190382.000000000087A000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782203878.000000000087F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782216386.0000000000882000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782243324.00000000008CF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_840000_Crosshair-X.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: _strrchr
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 3213747228-0
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,00000000,?), ref: 00427850
                                                                                                                                                                                                                                            • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,?,?), ref: 004278DA
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1782088667.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_Crosshair-X.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: EnvironmentExpandStrings
                                                                                                                                                                                                                                            • String ID: EP$X{$lzB$qF
                                                                                                                                                                                                                                            • API String ID: 237503144-2164892811
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,00000000,?), ref: 00427850
                                                                                                                                                                                                                                            • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,?,?), ref: 004278DA
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1782088667.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_Crosshair-X.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: EnvironmentExpandStrings
                                                                                                                                                                                                                                            • String ID: EP$X{$lzB$qF
                                                                                                                                                                                                                                            • API String ID: 237503144-2164892811
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • _ValidateLocalCookies.LIBCMT ref: 00850D77
                                                                                                                                                                                                                                            • ___except_validate_context_record.LIBVCRUNTIME ref: 00850D7F
                                                                                                                                                                                                                                            • _ValidateLocalCookies.LIBCMT ref: 00850E08
                                                                                                                                                                                                                                            • __IsNonwritableInCurrentImage.LIBCMT ref: 00850E33
                                                                                                                                                                                                                                            • _ValidateLocalCookies.LIBCMT ref: 00850E88
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1782153497.0000000000841000.00000020.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782140377.0000000000840000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782175566.000000000086D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782190382.000000000087A000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782203878.000000000087F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782216386.0000000000882000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782243324.00000000008CF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_840000_Crosshair-X.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                                                                                                            • String ID: csm
                                                                                                                                                                                                                                            • API String ID: 1170836740-1018135373
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetConsoleWindow.KERNEL32 ref: 008424DD
                                                                                                                                                                                                                                            • ShowWindow.USER32(00000000,00000000), ref: 008424E6
                                                                                                                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 00842524
                                                                                                                                                                                                                                              • Part of subcall function 0084F11D: WaitForSingleObjectEx.KERNEL32(?,000000FF,00000000,?,?,?,0084253A,?,?,00000000), ref: 0084F129
                                                                                                                                                                                                                                              • Part of subcall function 0084F11D: GetExitCodeThread.KERNEL32(?,00000000,?,?,0084253A,?,?,00000000), ref: 0084F142
                                                                                                                                                                                                                                              • Part of subcall function 0084F11D: CloseHandle.KERNEL32(?,?,?,0084253A,?,?,00000000), ref: 0084F154
                                                                                                                                                                                                                                            • std::_Throw_Cpp_error.LIBCPMT ref: 00842567
                                                                                                                                                                                                                                            • std::_Throw_Cpp_error.LIBCPMT ref: 00842578
                                                                                                                                                                                                                                            • std::_Throw_Cpp_error.LIBCPMT ref: 00842589
                                                                                                                                                                                                                                            • std::_Throw_Cpp_error.LIBCPMT ref: 0084259A
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1782153497.0000000000841000.00000020.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Cpp_errorThrow_std::_$ThreadWindow$CloseCodeConsoleCurrentExitHandleObjectShowSingleWait
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 3956949563-0
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,?,00000000,00000800,?,?,?,BB40E64E,?,0085D01A,00841170,0084AA08,?,?), ref: 0085CFCC
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1782153497.0000000000841000.00000020.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: FreeLibrary
                                                                                                                                                                                                                                            • String ID: api-ms-$ext-ms-
                                                                                                                                                                                                                                            • API String ID: 3664257935-537541572
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetModuleHandleW.KERNEL32(kernel32.dll), ref: 00850086
                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetSystemTimePreciseAsFileTime), ref: 00850094
                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetTempPath2W), ref: 008500A5
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1782153497.0000000000841000.00000020.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: AddressProc$HandleModule
                                                                                                                                                                                                                                            • String ID: GetSystemTimePreciseAsFileTime$GetTempPath2W$kernel32.dll
                                                                                                                                                                                                                                            • API String ID: 667068680-1047828073
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • std::_Throw_Cpp_error.LIBCPMT ref: 00849C97
                                                                                                                                                                                                                                            • std::_Throw_Cpp_error.LIBCPMT ref: 00849CA8
                                                                                                                                                                                                                                            • std::_Throw_Cpp_error.LIBCPMT ref: 00849CBC
                                                                                                                                                                                                                                            • std::_Throw_Cpp_error.LIBCPMT ref: 00849CDD
                                                                                                                                                                                                                                            • std::_Throw_Cpp_error.LIBCPMT ref: 00849CEE
                                                                                                                                                                                                                                            • std::_Throw_Cpp_error.LIBCPMT ref: 00849D06
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1782153497.0000000000841000.00000020.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782140377.0000000000840000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782175566.000000000086D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782190382.000000000087A000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782203878.000000000087F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782216386.0000000000882000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782243324.00000000008CF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_840000_Crosshair-X.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Cpp_errorThrow_std::_
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 2134207285-0
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,0085ACDE,00850760,0084B77F,BB40E64E,?,?,?,?,0086BFCA,000000FF), ref: 0085ACF5
                                                                                                                                                                                                                                            • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 0085AD03
                                                                                                                                                                                                                                            • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 0085AD1C
                                                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000,?,0085ACDE,00850760,0084B77F,BB40E64E,?,?,?,?,0086BFCA,000000FF), ref: 0085AD6E
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: ErrorLastValue___vcrt_
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 3852720340-0
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • type_info::operator==.LIBVCRUNTIME ref: 0085B68D
                                                                                                                                                                                                                                            • CallUnexpected.LIBVCRUNTIME ref: 0085B906
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: CallUnexpectedtype_info::operator==
                                                                                                                                                                                                                                            • String ID: csm$csm$csm
                                                                                                                                                                                                                                            • API String ID: 2673424686-393685449
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • std::_Ref_count_base::_Decref.LIBCPMT ref: 0084BF44
                                                                                                                                                                                                                                            • std::_Ref_count_base::_Decref.LIBCPMT ref: 0084C028
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: DecrefRef_count_base::_std::_
                                                                                                                                                                                                                                            • String ID: MOC$RCC$csm
                                                                                                                                                                                                                                            • API String ID: 1456557076-2671469338
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,BB40E64E,?,?,00000000,0086BE94,000000FF,?,00855685,0085556C,?,00855721,00000000), ref: 008555F9
                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 0085560B
                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,?,?,00000000,0086BE94,000000FF,?,00855685,0085556C,?,00855721,00000000), ref: 0085562D
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                                            • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                                            • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • __alloca_probe_16.LIBCMT ref: 0085D76F
                                                                                                                                                                                                                                            • __alloca_probe_16.LIBCMT ref: 0085D838
                                                                                                                                                                                                                                            • __freea.LIBCMT ref: 0085D89F
                                                                                                                                                                                                                                              • Part of subcall function 0085BF11: HeapAlloc.KERNEL32(00000000,00000018,00000000,?,0084A67D,00000018,?,00843D4A,00000018,00000000), ref: 0085BF43
                                                                                                                                                                                                                                            • __freea.LIBCMT ref: 0085D8B2
                                                                                                                                                                                                                                            • __freea.LIBCMT ref: 0085D8BF
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1782153497.0000000000841000.00000020.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782140377.0000000000840000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782175566.000000000086D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782190382.000000000087A000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782203878.000000000087F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782216386.0000000000882000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782243324.00000000008CF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_840000_Crosshair-X.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: __freea$__alloca_probe_16$AllocHeap
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 1096550386-0
                                                                                                                                                                                                                                            • Opcode ID: 9bdda93d43c219a9bca942ca8d2e0b984dfb3a6a7b1a238a1e5567bdc80f35eb
                                                                                                                                                                                                                                            • Instruction ID: 60fdd974f5626eca6d07cc6dca985bdd0e7f262065b3bb555b4f858f3e9a90a0
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9bdda93d43c219a9bca942ca8d2e0b984dfb3a6a7b1a238a1e5567bdc80f35eb
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0151927260030AAFFB319F64CC81EBB7AA9FF44752B150939FD04DA251EB70DC5896A1
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 0084F005
                                                                                                                                                                                                                                            • AcquireSRWLockExclusive.KERNEL32(00848E38), ref: 0084F024
                                                                                                                                                                                                                                            • AcquireSRWLockExclusive.KERNEL32(00848E38,0084A2F0,?), ref: 0084F052
                                                                                                                                                                                                                                            • TryAcquireSRWLockExclusive.KERNEL32(00848E38,0084A2F0,?), ref: 0084F0AD
                                                                                                                                                                                                                                            • TryAcquireSRWLockExclusive.KERNEL32(00848E38,0084A2F0,?), ref: 0084F0C4
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1782153497.0000000000841000.00000020.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782140377.0000000000840000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782175566.000000000086D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782190382.000000000087A000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782203878.000000000087F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782216386.0000000000882000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782243324.00000000008CF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_840000_Crosshair-X.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: AcquireExclusiveLock$CurrentThread
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 66001078-0
                                                                                                                                                                                                                                            • Opcode ID: 8e9c77e5f0ebecc6147192c2b0d2992ba5c5ba1df93278ebfdfbf0f0066d730a
                                                                                                                                                                                                                                            • Instruction ID: e9b8049a466507a30e907bdbf78ac5b654dc916a9e8260926d2c88c0cb71bcbc
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8e9c77e5f0ebecc6147192c2b0d2992ba5c5ba1df93278ebfdfbf0f0066d730a
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 93412271900A0EDFCB25CF65C4849AAB3B5FF88315B20492EE65AC7943E730E985CB52
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00843CA5
                                                                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00843CBF
                                                                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00843CE0
                                                                                                                                                                                                                                            • __Getctype.LIBCPMT ref: 00843D92
                                                                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00843DD8
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1782153497.0000000000841000.00000020.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782140377.0000000000840000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782175566.000000000086D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782190382.000000000087A000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782203878.000000000087F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782216386.0000000000882000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782243324.00000000008CF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_840000_Crosshair-X.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Lockitstd::_$Lockit::_Lockit::~_$Getctype
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 3087743877-0
                                                                                                                                                                                                                                            • Opcode ID: edb6f5c989c180fe33390f35db88627d5fc8b4e41c3aa848cc17045cc1386596
                                                                                                                                                                                                                                            • Instruction ID: c943cce74b4f54a329b2b98dbbc9f708b1ade9b64d59f99c4568610334a73f93
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: edb6f5c989c180fe33390f35db88627d5fc8b4e41c3aa848cc17045cc1386596
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 57414A71E002188FCB14DF98D845BAEBBB1FF58720F148119D829AB395DB35AE45CF91
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 0084D4C9
                                                                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 0084D4D3
                                                                                                                                                                                                                                            • int.LIBCPMT ref: 0084D4EA
                                                                                                                                                                                                                                              • Part of subcall function 0084C1E5: std::_Lockit::_Lockit.LIBCPMT ref: 0084C1F6
                                                                                                                                                                                                                                              • Part of subcall function 0084C1E5: std::_Lockit::~_Lockit.LIBCPMT ref: 0084C210
                                                                                                                                                                                                                                            • codecvt.LIBCPMT ref: 0084D50D
                                                                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 0084D544
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1782153497.0000000000841000.00000020.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782140377.0000000000840000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782175566.000000000086D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782190382.000000000087A000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782203878.000000000087F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782216386.0000000000882000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782243324.00000000008CF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_840000_Crosshair-X.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Lockitstd::_$Lockit::_Lockit::~_$H_prolog3codecvt
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 3716348337-0
                                                                                                                                                                                                                                            • Opcode ID: 64eed041b6678f7be20db7a6b629c49c0c0b89a0446227025d2ff5eba4b65917
                                                                                                                                                                                                                                            • Instruction ID: 6dcd7cbeeded4cbe060430c9a2e573b06801fc2d3a67eebf487b1fb5639a0f6e
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 64eed041b6678f7be20db7a6b629c49c0c0b89a0446227025d2ff5eba4b65917
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1901613190022D9BCB05EBA88915AAEBBB5FF84724F154419E915EB292DF749E40CB83
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 0084ADDE
                                                                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 0084ADE9
                                                                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 0084AE57
                                                                                                                                                                                                                                              • Part of subcall function 0084ACAA: std::locale::_Locimp::_Locimp.LIBCPMT ref: 0084ACC2
                                                                                                                                                                                                                                            • std::locale::_Setgloballocale.LIBCPMT ref: 0084AE04
                                                                                                                                                                                                                                            • _Yarn.LIBCPMT ref: 0084AE1A
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1782153497.0000000000841000.00000020.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782140377.0000000000840000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782175566.000000000086D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782190382.000000000087A000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782203878.000000000087F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782216386.0000000000882000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782243324.00000000008CF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_840000_Crosshair-X.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Lockitstd::_std::locale::_$H_prolog3LocimpLocimp::_Lockit::_Lockit::~_SetgloballocaleYarn
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 1088826258-0
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: _strlen
                                                                                                                                                                                                                                            • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                                                                                                                                                            • API String ID: 4218353326-1866435925
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • std::_Ref_count_base::_Decref.LIBCPMT ref: 0084B809
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: DecrefRef_count_base::_std::_
                                                                                                                                                                                                                                            • String ID: MOC$RCC$csm
                                                                                                                                                                                                                                            • API String ID: 1456557076-2671469338
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,008669DC,00000000,?,0087D2B0,?,?,?,00866913,00000004,InitializeCriticalSectionEx,00870D34,00870D3C), ref: 0086694D
                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,008669DC,00000000,?,0087D2B0,?,?,?,00866913,00000004,InitializeCriticalSectionEx,00870D34,00870D3C,00000000,?,0085BBBC), ref: 00866957
                                                                                                                                                                                                                                            • LoadLibraryExW.KERNEL32(00000000,00000000,00000000), ref: 0086697F
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: LibraryLoad$ErrorLast
                                                                                                                                                                                                                                            • String ID: api-ms-
                                                                                                                                                                                                                                            • API String ID: 3177248105-2084034818
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetConsoleOutputCP.KERNEL32(BB40E64E,00000000,00000000,?), ref: 00864001
                                                                                                                                                                                                                                              • Part of subcall function 0085C021: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,0085D895,?,00000000,-00000008), ref: 0085C082
                                                                                                                                                                                                                                            • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00864253
                                                                                                                                                                                                                                            • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 00864299
                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 0086433C
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 2112829910-0
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1782153497.0000000000841000.00000020.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782140377.0000000000840000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782175566.000000000086D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782190382.000000000087A000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782203878.000000000087F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782216386.0000000000882000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782243324.00000000008CF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: AdjustPointer
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 1740715915-0
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 008472C5
                                                                                                                                                                                                                                            • std::_Throw_Cpp_error.LIBCPMT ref: 00847395
                                                                                                                                                                                                                                            • std::_Throw_Cpp_error.LIBCPMT ref: 008473A3
                                                                                                                                                                                                                                            • std::_Throw_Cpp_error.LIBCPMT ref: 008473B1
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Cpp_errorThrow_std::_$CurrentThread
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 2261580123-0
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                              • Part of subcall function 0085C021: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,0085D895,?,00000000,-00000008), ref: 0085C082
                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00861E2A
                                                                                                                                                                                                                                            • __dosmaperr.LIBCMT ref: 00861E31
                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00861E6B
                                                                                                                                                                                                                                            • __dosmaperr.LIBCMT ref: 00861E72
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: ErrorLast__dosmaperr$ByteCharMultiWide
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 1913693674-0
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetEnvironmentStringsW.KERNEL32 ref: 008631C6
                                                                                                                                                                                                                                              • Part of subcall function 0085C021: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,0085D895,?,00000000,-00000008), ref: 0085C082
                                                                                                                                                                                                                                            • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 008631FE
                                                                                                                                                                                                                                            • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0086321E
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: EnvironmentStrings$Free$ByteCharMultiWide
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 158306478-0
                                                                                                                                                                                                                                            • Opcode ID: 4be9ee660e87e92326fb1013d4ca1fbb5387e85ac65ee5c81c93eaaf2e97736a
                                                                                                                                                                                                                                            • Instruction ID: ec70f1144b93b44245240a66ec8d23683ae4b395a0bbe732083154ed3c39a25c
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4be9ee660e87e92326fb1013d4ca1fbb5387e85ac65ee5c81c93eaaf2e97736a
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: FF1122B1500A197FAB2227B99C8ECBF7A5CFED43AA7110028FA05D1201FF64DF0485B2
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • WriteConsoleW.KERNEL32(00000000,?,00000000,00000000,00000000,?,0086A2EF,00000000,00000001,00000000,?,?,00864390,?,00000000,00000000), ref: 0086ADB7
                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,0086A2EF,00000000,00000001,00000000,?,?,00864390,?,00000000,00000000,?,?,?,00863CD6,00000000), ref: 0086ADC3
                                                                                                                                                                                                                                              • Part of subcall function 0086AE20: CloseHandle.KERNEL32(FFFFFFFE,0086ADD3,?,0086A2EF,00000000,00000001,00000000,?,?,00864390,?,00000000,00000000,?,?), ref: 0086AE30
                                                                                                                                                                                                                                            • ___initconout.LIBCMT ref: 0086ADD3
                                                                                                                                                                                                                                              • Part of subcall function 0086ADF5: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,0086AD91,0086A2DC,?,?,00864390,?,00000000,00000000,?), ref: 0086AE08
                                                                                                                                                                                                                                            • WriteConsoleW.KERNEL32(00000000,?,00000000,00000000,?,0086A2EF,00000000,00000001,00000000,?,?,00864390,?,00000000,00000000,?), ref: 0086ADE8
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1782153497.0000000000841000.00000020.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782140377.0000000000840000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782175566.000000000086D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782190382.000000000087A000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782203878.000000000087F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782216386.0000000000882000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782243324.00000000008CF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_840000_Crosshair-X.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 2744216297-0
                                                                                                                                                                                                                                            • Opcode ID: 5904e405a97f6b55f219dbcb2de3916bff54ba2f0aa4ea7d041604095035df1a
                                                                                                                                                                                                                                            • Instruction ID: e39498b4bae4ce3d38cf19c9b4ca4ba1d9cca6a3f0f1fe3e1fdf3752ddc11ab6
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5904e405a97f6b55f219dbcb2de3916bff54ba2f0aa4ea7d041604095035df1a
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F4F01C36514118BFCF221FD5DC0899A3F26FF497A2B014011FA0CA6524EB32CCA0AF92
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetSystemTimeAsFileTime.KERNEL32(?), ref: 00850507
                                                                                                                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 00850516
                                                                                                                                                                                                                                            • GetCurrentProcessId.KERNEL32 ref: 0085051F
                                                                                                                                                                                                                                            • QueryPerformanceCounter.KERNEL32(?), ref: 0085052C
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1782153497.0000000000841000.00000020.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782140377.0000000000840000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782175566.000000000086D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782190382.000000000087A000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782203878.000000000087F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782216386.0000000000882000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782243324.00000000008CF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_840000_Crosshair-X.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 2933794660-0
                                                                                                                                                                                                                                            • Opcode ID: 93918f4d74c2ae9edbc3b846c7a38b6f4193ab3ef136e987e7c96cf2cd53140e
                                                                                                                                                                                                                                            • Instruction ID: c5ca3c036595d07c335f78903483485fbeaffcf756d2f3ca1e81f7a1c1b9bb61
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 93918f4d74c2ae9edbc3b846c7a38b6f4193ab3ef136e987e7c96cf2cd53140e
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: AEF0B270D1020CEBCB00DFB4DA4898EBBF4FF1C204B914995E416E7114EB30EB948B50
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,00000000,21E1270B), ref: 00423EE0
                                                                                                                                                                                                                                            • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,21E1270B,21E1270B), ref: 00423F5D
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1782088667.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_Crosshair-X.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: EnvironmentExpandStrings
                                                                                                                                                                                                                                            • String ID: ^\
                                                                                                                                                                                                                                            • API String ID: 237503144-3140518789
                                                                                                                                                                                                                                            • Opcode ID: 62c758e3dead02ed472ccd8f608285016556a712ff673435979904df779e0b61
                                                                                                                                                                                                                                            • Instruction ID: 0e20560339d99e449ab95acf06b5f11cd81112edbb507e53d608f4bdff713dde
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 62c758e3dead02ed472ccd8f608285016556a712ff673435979904df779e0b61
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0AA123B4A442158FEB14CFA4EC91BAEBBB0FB41310F10816DE555AF381D7B8994BCB84
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • Concurrency::details::_Release_chore.LIBCPMT ref: 00847526
                                                                                                                                                                                                                                            • ___std_exception_copy.LIBVCRUNTIME ref: 00847561
                                                                                                                                                                                                                                              • Part of subcall function 0084AF37: CreateThreadpoolWork.KERNEL32(0084B060,00848A2A,00000000), ref: 0084AF46
                                                                                                                                                                                                                                              • Part of subcall function 0084AF37: Concurrency::details::_Reschedule_chore.LIBCPMT ref: 0084AF53
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1782153497.0000000000841000.00000020.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782140377.0000000000840000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782175566.000000000086D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782190382.000000000087A000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782203878.000000000087F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782216386.0000000000882000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782243324.00000000008CF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_840000_Crosshair-X.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Concurrency::details::_$CreateRelease_choreReschedule_choreThreadpoolWork___std_exception_copy
                                                                                                                                                                                                                                            • String ID: Fail to schedule the chore!
                                                                                                                                                                                                                                            • API String ID: 3683891980-3313369819
                                                                                                                                                                                                                                            • Opcode ID: 3da7ade6cc48d0d7cac70c55379796721b36cdc1b27cec9a71ad93d08af55c9a
                                                                                                                                                                                                                                            • Instruction ID: 15a08646072fed8d983a9402460bf577e83f863a8110990fa2b03798ad0b5e57
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3da7ade6cc48d0d7cac70c55379796721b36cdc1b27cec9a71ad93d08af55c9a
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 51518EB1D01218DFCB05DF94D844BAEBBB5FF08314F144129E919AB391E775A909CF92
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • EncodePointer.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,?,0085B893,?,?,00000000,00000000,00000000,?), ref: 0085B9B7
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1782153497.0000000000841000.00000020.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782140377.0000000000840000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782175566.000000000086D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782190382.000000000087A000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782203878.000000000087F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782216386.0000000000882000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782243324.00000000008CF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_840000_Crosshair-X.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: EncodePointer
                                                                                                                                                                                                                                            • String ID: MOC$RCC
                                                                                                                                                                                                                                            • API String ID: 2118026453-2084237596
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00843EC6
                                                                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00844002
                                                                                                                                                                                                                                              • Part of subcall function 0084ABC5: _Yarn.LIBCPMT ref: 0084ABE5
                                                                                                                                                                                                                                              • Part of subcall function 0084ABC5: _Yarn.LIBCPMT ref: 0084AC09
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1782153497.0000000000841000.00000020.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_840000_Crosshair-X.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: LockitYarnstd::_$Lockit::_Lockit::~_
                                                                                                                                                                                                                                            • String ID: bad locale name
                                                                                                                                                                                                                                            • API String ID: 2070049627-1405518554
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • ___except_validate_context_record.LIBVCRUNTIME ref: 0085B475
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1782153497.0000000000841000.00000020.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_840000_Crosshair-X.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: ___except_validate_context_record
                                                                                                                                                                                                                                            • String ID: csm$csm
                                                                                                                                                                                                                                            • API String ID: 3493665558-3733052814
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1782088667.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_Crosshair-X.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Variant$ClearInit
                                                                                                                                                                                                                                            • String ID: '
                                                                                                                                                                                                                                            • API String ID: 2610073882-1997036262
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • __alloca_probe_16.LIBCMT ref: 0084B8B9
                                                                                                                                                                                                                                            • RaiseException.KERNEL32(?,?,?,?,?), ref: 0084B8DE
                                                                                                                                                                                                                                              • Part of subcall function 0085060C: RaiseException.KERNEL32(E06D7363,00000001,00000003,0084F354,00000000,?,?,?,0084F354,00843D4A,0087759C,00843D4A), ref: 0085066D
                                                                                                                                                                                                                                              • Part of subcall function 00858353: IsProcessorFeaturePresent.KERNEL32(00000017,0085378B,?,?,?,?,00000000,?,?,?,0084B5AC,0084B4E0,00000000,?,?,0084B4E0), ref: 0085836F
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1782153497.0000000000841000.00000020.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_840000_Crosshair-X.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: ExceptionRaise$FeaturePresentProcessor__alloca_probe_16
                                                                                                                                                                                                                                            • String ID: csm
                                                                                                                                                                                                                                            • API String ID: 1924019822-1018135373
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1782088667.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_Crosshair-X.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Variant$ClearInit
                                                                                                                                                                                                                                            • String ID: '
                                                                                                                                                                                                                                            • API String ID: 2610073882-1997036262
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • ___std_exception_copy.LIBVCRUNTIME ref: 00842673
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1782153497.0000000000841000.00000020.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782140377.0000000000840000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782175566.000000000086D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782190382.000000000087A000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782203878.000000000087F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782216386.0000000000882000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782243324.00000000008CF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_840000_Crosshair-X.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: ___std_exception_copy
                                                                                                                                                                                                                                            • String ID: bad array new length$ios_base::badbit set
                                                                                                                                                                                                                                            • API String ID: 2659868963-1158432155
                                                                                                                                                                                                                                            • Opcode ID: fc27e4a6a10aee0947eca22240823dba798640370a2b16694ca6ba3baf0daca9
                                                                                                                                                                                                                                            • Instruction ID: 3a43a748f3257e0e3005032640890d31111127463681b1a3bd406ef20a3bd189
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: fc27e4a6a10aee0947eca22240823dba798640370a2b16694ca6ba3baf0daca9
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B2019EF1604304ABDB049F28D855A1A7BE4FB18318F11881CF559CB301D375E808CB82
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                              • Part of subcall function 0085060C: RaiseException.KERNEL32(E06D7363,00000001,00000003,0084F354,00000000,?,?,?,0084F354,00843D4A,0087759C,00843D4A), ref: 0085066D
                                                                                                                                                                                                                                            • ___std_exception_copy.LIBVCRUNTIME ref: 00842673
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1782153497.0000000000841000.00000020.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782140377.0000000000840000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782175566.000000000086D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782190382.000000000087A000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782203878.000000000087F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782216386.0000000000882000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1782243324.00000000008CF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_840000_Crosshair-X.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: ExceptionRaise___std_exception_copy
                                                                                                                                                                                                                                            • String ID: bad array new length$ios_base::badbit set
                                                                                                                                                                                                                                            • API String ID: 3109751735-1158432155
                                                                                                                                                                                                                                            • Opcode ID: 5184c4caf2ad40d7666167fc9f98797256676602d4bca5216ecbaf66da611765
                                                                                                                                                                                                                                            • Instruction ID: 4f54ca43b7d51de82d174464fec8d91e38ac6bf0e3ae3c626541bca1613f010f
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5184c4caf2ad40d7666167fc9f98797256676602d4bca5216ecbaf66da611765
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 14F0D4F1A14300ABD700AF58D849747BAE4FB59719F12881CFA98DB300D3B5D458CB92