Windows Analysis Report
ZxSWvC0Tz7.exe

Overview

General Information

Sample name: ZxSWvC0Tz7.exe (renamed because the original name is a hash value)
Original sample name: 430ebbca8a18195c4ceb1c0a11d6e389.exe
Analysis ID: 1584189
MD5: 430ebbca8a18195c4ceb1c0a11d6e389
SHA1: 283e36f52de9ca0e86beead77991c7eb65039296
SHA256: c844db45ed1c2297b300b197e9e3360f850ad73663332cac4fc2333ce6a72175
Tags: exe, user-abuse_ch

Detection

Malware family: LummaC
Score: 100 (range 0 - 100)
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
LummaC encrypted strings found
Machine Learning detection for sample
Sample uses string decryption to hide its real strings
AV process strings found (often used to terminate AV products)
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to record screenshots
Detected potential crypto function
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • ZxSWvC0Tz7.exe (PID: 6640 cmdline: "C:\Users\user\Desktop\ZxSWvC0Tz7.exe" MD5: 430EBBCA8A18195C4CEB1C0A11D6E389)
    • WerFault.exe (PID: 6668 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6640 -s 972 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • cleanup
Threat name: Lumma Stealer, LummaC2 Stealer
Description: Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5". The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Malware configuration (extracted from 1.2.ZxSWvC0Tz7.exe.400000.0.raw.unpack):
{"C2 url": ["prisonyfork.buzz", "rebuildeso.buzz", "screwamusresz.buzz", "inherineau.buzz", "scentniej.buzz", "hummskitnj.buzz", "cashfuzysao.buzz", "appliacnesot.buzz"], "Build id": "4h5VfH--"}
Yara matches on memory dumps:
Source | Rule | Description | Author | Strings
00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp | JoeSecurity_LummaCStealer_4 | Yara detected LummaC Stealer | Joe Security |
00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_LummaCStealer_4 | Yara detected LummaC Stealer | Joe Security |
00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp | Windows_Trojan_Smokeloader_3687686f | unknown | unknown | 0x30d:$a: 0C 8B 45 F0 89 45 C8 8B 45 C8 8B 40 3C 8B 4D F0 8D 44 01 04 89
00000001.00000003.1280248883.0000000002160000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_LummaCStealer_4 | Yara detected LummaC Stealer | Joe Security |
00000001.00000002.1454359556.0000000000730000.00000040.00001000.00020000.00000000.sdmp | Windows_Trojan_RedLineStealer_ed346e4c | unknown | unknown | 0x778:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
(one further entry is collapsed in the original report and not reproduced here)

Note on the Smokeloader and RedLine hits: each is a single-string ($a) match on a short, generic code sequence in unpacked memory (the Smokeloader string, for example, decodes to mov eax,[eax+3Ch] / lea eax,[ecx+eax+4], i.e. e_lfanew-based PE header walking found in many loaders). The family verdict rests on the LummaC-specific rules, the decrypted strings and the extracted configuration, not on these two matches.

Yara matches on unpacked PE files:
Source | Rule | Description | Author
1.2.ZxSWvC0Tz7.exe.400000.0.raw.unpack | JoeSecurity_LummaCStealer_4 | Yara detected LummaC Stealer | Joe Security
1.2.ZxSWvC0Tz7.exe.400000.0.unpack | JoeSecurity_LummaCStealer_4 | Yara detected LummaC Stealer | Joe Security
1.3.ZxSWvC0Tz7.exe.2160000.0.unpack | JoeSecurity_LummaCStealer_4 | Yara detected LummaC Stealer | Joe Security
1.3.ZxSWvC0Tz7.exe.2160000.0.raw.unpack | JoeSecurity_LummaCStealer_4 | Yara detected LummaC Stealer | Joe Security
                No Sigma rule has matched
Suricata alerts:
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2025-01-04T15:34:05.431529+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.11 | 49706 | 104.102.49.254 | 443 | TCP
2025-01-04T15:34:04.742758+0100 | 2058572 | 1 | Domain Observed Used for C2 Detected | 192.168.2.11 | 49390 | 1.1.1.1 | 53 | UDP
2025-01-04T15:34:04.666900+0100 | 2058576 | 1 | Domain Observed Used for C2 Detected | 192.168.2.11 | 53000 | 1.1.1.1 | 53 | UDP
2025-01-04T15:34:04.756805+0100 | 2058578 | 1 | Domain Observed Used for C2 Detected | 192.168.2.11 | 50459 | 1.1.1.1 | 53 | UDP
2025-01-04T15:34:04.721041+0100 | 2058580 | 1 | Domain Observed Used for C2 Detected | 192.168.2.11 | 54547 | 1.1.1.1 | 53 | UDP
2025-01-04T15:34:04.682362+0100 | 2058584 | 1 | Domain Observed Used for C2 Detected | 192.168.2.11 | 64697 | 1.1.1.1 | 53 | UDP
2025-01-04T15:34:04.695798+0100 | 2058586 | 1 | Domain Observed Used for C2 Detected | 192.168.2.11 | 53818 | 1.1.1.1 | 53 | UDP
2025-01-04T15:34:04.709173+0100 | 2058588 | 1 | Domain Observed Used for C2 Detected | 192.168.2.11 | 59887 | 1.1.1.1 | 53 | UDP
2025-01-04T15:34:04.732854+0100 | 2058590 | 1 | Domain Observed Used for C2 Detected | 192.168.2.11 | 62219 | 1.1.1.1 | 53 | UDP
2025-01-04T15:34:06.239300+0100 | 2858666 | 1 | Domain Observed Used for C2 Detected | 192.168.2.11 | 49706 | 104.102.49.254 | 443 | TCP


                AV Detection

Source: ZxSWvC0Tz7.exe | Avira: detected
Source: https://inherineau.buzz/apir | Avira URL Cloud: Label: malware
Source: https://appliacnesot.buzz/api | Avira URL Cloud: Label: malware
Source: https://lev-tolstoi.com/apij | Avira URL Cloud: Label: malware
Source: https://cashfuzysao.buzz/api | Avira URL Cloud: Label: malware
Source: https://lev-tolstoi.com/ote.co | Avira URL Cloud: Label: malware
Source: https://hummskitnj.buzz/api | Avira URL Cloud: Label: malware
Source: 1.2.ZxSWvC0Tz7.exe.400000.0.raw.unpack | Malware Configuration Extractor: LummaC {"C2 url": ["prisonyfork.buzz", "rebuildeso.buzz", "screwamusresz.buzz", "inherineau.buzz", "scentniej.buzz", "hummskitnj.buzz", "cashfuzysao.buzz", "appliacnesot.buzz"], "Build id": "4h5VfH--"}
Source: ZxSWvC0Tz7.exe | VirusTotal: Detection: 40%
Source: ZxSWvC0Tz7.exe | ReversingLabs: Detection: 55%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
Source: ZxSWvC0Tz7.exe | Joe Sandbox ML: detected
Source: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp | String decryptor: hummskitnj.buzz
Source: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp | String decryptor: cashfuzysao.buzz
Source: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp | String decryptor: appliacnesot.buzz
Source: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp | String decryptor: screwamusresz.buzz
Source: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp | String decryptor: inherineau.buzz
Source: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp | String decryptor: scentniej.buzz
Source: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp | String decryptor: rebuildeso.buzz
Source: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp | String decryptor: prisonyfork.buzz
Source: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp | String decryptor: cashfuzysao.buzz
Source: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp | String decryptor: lid=%s&j=%s&ver=4.0
Source: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp | String decryptor: TeslaBrowser/5.5
Source: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp | String decryptor: - Screen Resoluton:
Source: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp | String decryptor: - Physical Installed Memory:
Source: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp | String decryptor: Workgroup: -
Source: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp | String decryptor: 4h5VfH--
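The decrypted strings above hand over three network indicators: the eight C2 domains, the TeslaBrowser/5.5 user agent and the lid=%s&j=%s&ver=4.0 check-in format (the two %s fields are filled at runtime, so only the fixed skeleton is matchable). The Python below is an example added by the editor, not code from the Joe Sandbox report or from any vendor tool. It turns those indicators into local Suricata dns.query rules (classtype domain-c2 is the ET classtype whose description reads "Domain Observed Used for C2 Detected", as in the alert table above) and runs them over constructed DNS and HTTP records. The log line format, the request dict shape, the SID range starting at 1000001 and the sample records are assumptions made for the example.

```python
"""Detections derived from the extracted LummaC configuration.
Editor-added example; not part of the Joe Sandbox report or any vendor tool.
Log formats, SID range and sample records below are assumptions."""
import re

# Values copied from the report's malware configuration and decrypted strings.
C2_DOMAINS = ["prisonyfork.buzz", "rebuildeso.buzz", "screwamusresz.buzz",
              "inherineau.buzz", "scentniej.buzz", "hummskitnj.buzz",
              "cashfuzysao.buzz", "appliacnesot.buzz"]
USER_AGENT = "TeslaBrowser/5.5"
# Decrypted format string "lid=%s&j=%s&ver=4.0": both %s are runtime values,
# so only the fixed skeleton is matched.
CHECKIN_BODY = re.compile(r"^lid=[^&]+&j=[^&]+&ver=4\.0$")


def suricata_dns_rules(domains, base_sid=1000001):
    """One local Suricata rule per domain. The dns.query sticky buffer with
    endswith matches the domain and any subdomain of it; domain-c2 is the ET
    classtype described as 'Domain Observed Used for C2 Detected'."""
    rules = []
    for i, dom in enumerate(sorted(domains)):
        msg = "LOCAL LummaC C2 domain in DNS lookup (%s)" % dom.replace(".", " .")
        rules.append(
            'alert dns $HOME_NET any -> any any (msg:"%s"; dns.query; '
            'content:"%s"; nocase; endswith; classtype:domain-c2; sid:%d; rev:1;)'
            % (msg, dom, base_sid + i))
    return rules


def dns_hits(lines, domains):
    """Scan constructed DNS log lines '<timestamp> <client> query <qname>'.
    Returns (client, qname) for queries to a C2 domain or a subdomain of one."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 4 or parts[2] != "query":
            continue
        qname = parts[3].rstrip(".").lower()
        if any(qname == d or qname.endswith("." + d) for d in domains):
            hits.append((parts[1], qname))
    return hits


def http_hits(requests):
    """Each request is a dict with method, host, path, headers, body.
    Indicators are reported separately so the analyst sees which one fired;
    the user agent alone is a weaker signal than all three together."""
    findings = []
    for req in requests:
        reasons = []
        if req["headers"].get("User-Agent") == USER_AGENT:
            reasons.append("user-agent")
        if req["host"].lower() in C2_DOMAINS:
            reasons.append("c2-host")
        if req["method"] == "POST" and CHECKIN_BODY.match(req.get("body", "")):
            reasons.append("checkin-body")
        if reasons:
            findings.append((req["host"], req["path"], reasons))
    return findings


# Constructed sample input for the example (not captured traffic).
DNS_LOG = [
    "2025-01-04T15:34:04Z 192.168.2.11 query hummskitnj.buzz.",
    "2025-01-04T15:34:04Z 192.168.2.11 query www.example.com.",
    "2025-01-04T15:34:05Z 192.168.2.11 query cdn.cashfuzysao.buzz.",
]
HTTP_REQUESTS = [
    {"method": "POST", "host": "hummskitnj.buzz", "path": "/api",
     "headers": {"User-Agent": USER_AGENT,
                 "Content-Type": "application/x-www-form-urlencoded"},
     "body": "lid=example1&j=example2&ver=4.0"},  # constructed, not a real check-in
    {"method": "GET", "host": "www.example.com", "path": "/",
     "headers": {"User-Agent": "Mozilla/5.0"}, "body": ""},
]

if __name__ == "__main__":
    print("\n".join(suricata_dns_rules(C2_DOMAINS)))
    print(dns_hits(DNS_LOG, C2_DOMAINS))
    print(http_hits(HTTP_REQUESTS))
```

The DNS rules fire on the lookup itself, before any TLS session is established, which is why the report's ET alerts on these domains carry timestamps a second earlier than the first TLS connection to 104.102.49.254. The HTTP indicators only help where TLS is terminated (proxy or endpoint telemetry); on the wire the check-in body and user agent are inside TLS 1.2.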

                Compliance

Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Unpacked PE file: 1.2.ZxSWvC0Tz7.exe.400000.0.unpack
Source: ZxSWvC0Tz7.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | File opened: C:\Windows\SysWOW64\msvcr100.dll
Source: unknown | HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.11:49706 version: TLS 1.2
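The static PE flags listed above (RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE) are bits of the Characteristics field in the COFF file header. The Python below is an example added by the editor, not report code: it decodes that field and the optional header's DllCharacteristics from a minimal PE header and reports whether ASLR can actually take effect. An image with relocations stripped cannot be rebased by the loader, so it always lands at its ImageBase; that is why the report's memory dump sits at 0x400000 and the code-function identifiers below read 1_2_004xxxxx. The header bytes are constructed for the example (build_header), not taken from the sample.

```python
"""Decode PE file-header Characteristics and DllCharacteristics.
Editor-added example; the header bytes built here are constructed, not the sample's."""
import struct

# IMAGE_FILE_HEADER.Characteristics bits (winnt.h)
CHARACTERISTICS = {
    0x0001: "RELOCS_STRIPPED",
    0x0002: "EXECUTABLE_IMAGE",
    0x0004: "LINE_NUMS_STRIPPED",
    0x0008: "LOCAL_SYMS_STRIPPED",
    0x0020: "LARGE_ADDRESS_AWARE",
    0x0100: "32BIT_MACHINE",
    0x0200: "DEBUG_STRIPPED",
    0x2000: "DLL",
}
DLL_DYNAMIC_BASE = 0x0040          # IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B


def parse_pe(data: bytes) -> dict:
    """Return machine, decoded characteristics, image base and ASLR status."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    machine, _, _, _, _, _, chars = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24                      # optional header follows the 20-byte COFF header
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == PE32_MAGIC:
        image_base = struct.unpack_from("<I", data, opt + 28)[0]
    elif magic == PE32PLUS_MAGIC:
        image_base = struct.unpack_from("<Q", data, opt + 24)[0]
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    dllchars = struct.unpack_from("<H", data, opt + 70)[0]  # same offset in PE32 and PE32+
    flags = [name for bit, name in sorted(CHARACTERISTICS.items()) if chars & bit]
    relocs_stripped = bool(chars & 0x0001)
    wants_aslr = bool(dllchars & DLL_DYNAMIC_BASE)
    return {
        "machine": machine,
        "characteristics": flags,
        "image_base": image_base,
        "dynamic_base": wants_aslr,
        # Without a relocation table the loader cannot move the image, so
        # DYNAMICBASE has no effect and the image always maps at image_base.
        "aslr_effective": wants_aslr and not relocs_stripped,
    }


def build_header(characteristics: int, image_base: int, dllchars: int = 0) -> bytes:
    """Construct a minimal PE32 header (DOS stub + PE signature + headers).
    Only the fields parse_pe reads are populated; this is not a loadable file."""
    e_lfanew = 0x80
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    dos = dos.ljust(e_lfanew, b"\0")
    opt_size = 224                           # sizeof(IMAGE_OPTIONAL_HEADER32)
    coff = struct.pack("<HHIIIHH", 0x14C, 3, 0, 0, 0, opt_size, characteristics)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    struct.pack_into("<I", opt, 28, image_base)
    struct.pack_into("<H", opt, 70, dllchars)
    return dos + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    # The flag set the report lists for the sample, at the conventional EXE base.
    sample_like = build_header(0x0001 | 0x0002 | 0x0100, 0x400000)
    print(parse_pe(sample_like))
    # Same image with relocations kept and /DYNAMICBASE set, for contrast.
    print(parse_pe(build_header(0x0002 | 0x0100, 0x400000, dllchars=DLL_DYNAMIC_BASE)))
```

A fixed load address makes memory-dump triage easier (the 0x400000 dump and the 1_2_004xxxxx function identifiers line up with file offsets without rebasing) and is a reasonable static hint on its own: a 32-bit EXE with RELOCS_STRIPPED set is a compiler-configuration choice that mainstream toolchains no longer make by default.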
Inlined nop sequences (signature "Found inlined nop instructions"). Each entry gives the instruction that follows four consecutive nops and the function identifier. Every pattern appears twice, once in the 0x400000 image (1_2_004xxxxx) and once in the 0x760000 region (1_2_0076xxxx to 1_2_0079xxxx) that also matched the LummaC Yara rule, consistent with the unpacking signatures in the overview.
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then cmp dword ptr [edi+ebp*8], E88DDEA1h | 1_2_0043CD60
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then cmp al, 2Eh | 1_2_00426054
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then jmp eax | 1_2_00426054
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then cmp dword ptr [esi+ebp*8], B1025CF1h | 1_2_0043B05D
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then movzx esi, byte ptr [esp+edx-57437DD5h] | 1_2_0043B05D
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then cmp dword ptr [esi+ebp*8], B1025CF1h | 1_2_0043B068
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then movzx esi, byte ptr [esp+edx-57437DD5h] | 1_2_0043B068
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then movzx ebx, byte ptr [eax+ecx-3F9DFECCh] | 1_2_0040E83B
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then cmp dword ptr [esi+ebp*8], B1025CF1h | 1_2_0043B05B
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then movzx esi, byte ptr [esp+edx-57437DD5h] | 1_2_0043B05B
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then mov ecx, eax | 1_2_0040A940
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then mov edx, ecx | 1_2_0040A940
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then movzx edx, byte ptr [esp+eax+38h] | 1_2_0040C917
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then jmp ecx | 1_2_0043C1F0
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then cmp dword ptr [edi+esi*8], 67F3D776h | 1_2_00425990
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then movzx ecx, di | 1_2_00425990
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then movzx esi, byte ptr [esp+edx-57437DD5h] | 1_2_0043B195
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then movsx eax, byte ptr [esi] | 1_2_0043B9A1
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then cmp dword ptr [ebx+edi*8], A269EEEFh | 1_2_004369A0
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then movzx ebx, byte ptr [ecx+edx] | 1_2_0041E9B0
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then mov ebx, dword ptr [edi+04h] | 1_2_004299B0
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then lea eax, dword ptr [esp+18h] | 1_2_0042526A
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then mov ebx, edi | 1_2_0041D270
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then mov esi, eax | 1_2_00423A34
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then cmp dword ptr [ecx+edi*8], 2298EE00h | 1_2_0043D2F0
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then movzx edx, word ptr [eax] | 1_2_0043D2F0
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then jmp ecx | 1_2_0043C280
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then movzx ebx, byte ptr [edi+eax] | 1_2_00415298
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then mov word ptr [eax], dx | 1_2_00415298
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then mov ecx, eax | 1_2_0043AAB2
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then mov word ptr [ebp+00h], 0000h | 1_2_004252BA
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then cmp dword ptr [ebx+esi*8], B430E561h | 1_2_004252BA
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then mov eax, ebx | 1_2_0041CB05
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then cmp dword ptr [edi+edx*8], CAA82E26h | 1_2_0043CB20
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then mov edx, eax | 1_2_00427326
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then mov ecx, eax | 1_2_004143C2
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then mov edi, dword ptr [esp+34h] | 1_2_004143C2
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then add ebp, dword ptr [esp+0Ch] | 1_2_0042A3D0
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then mov ecx, eax | 1_2_0042C45C
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then mov ebp, dword ptr [eax] | 1_2_00436C00
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then movzx edx, byte ptr [esp+eax+000000B8h] | 1_2_0042B4FC
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then mov ecx, eax | 1_2_0042B4FC
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then mov ecx, dword ptr [esi+64h] | 1_2_00418578
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then mov edx, eax | 1_2_0042750D
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then mov ecx, eax | 1_2_00421D10
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then movzx edi, byte ptr [edx+ecx] | 1_2_0040DD25
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then mov ecx, edx | 1_2_0040BDC9
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then movzx edi, byte ptr [edx+eax-000000BFh] | 1_2_00417582
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then movzx edi, byte ptr [esp+ecx+0233DBB1h] | 1_2_00427DA2
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then cmp word ptr [ebx+ecx], 0000h | 1_2_004205B0
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then mov byte ptr [esi], cl | 1_2_0042C64A
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then mov ecx, eax | 1_2_0042AE48
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then jmp eax | 1_2_00426E50
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then movzx edx, byte ptr [esp+eax+000000B8h] | 1_2_0042B4F7
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then mov ecx, eax | 1_2_0042B4F7
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then mov ecx, eax | 1_2_0042AE24
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then movzx ebx, byte ptr [edx] | 1_2_00433630
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then mov byte ptr [esi], cl | 1_2_0042C6E4
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then movzx ecx, byte ptr [esp+eax+20h] | 1_2_00425E90
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then cmp dword ptr [edi+ebp*8], 88822328h | 1_2_0043CE90
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then mov word ptr [eax], cx | 1_2_004166A0
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then mov word ptr [eax], cx | 1_2_0041BEA0
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then mov ecx, eax | 1_2_0042ADF4
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then mov eax, edx | 1_2_0041C6BB
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then jmp eax | 1_2_0043BF40
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then movzx edi, byte ptr [edx+eax-000000A8h] | 1_2_00415F66
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then cmp dword ptr [esi+edx*8], A896961Ch | 1_2_00419770
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then cmp dword ptr [edi+esi*8], 6E83E51Eh | 1_2_00419770
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then cmp dword ptr [ebp+ebx*8+00h], 6E83E51Eh | 1_2_00419770
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then cmp dword ptr [esi+edx*8], 67F3D776h | 1_2_00419770
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then cmp dword ptr [edi+esi*8], 67F3D776h | 1_2_00419770
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then cmp dword ptr [ebx+edi*8], B7C1BB11h | 1_2_00419770
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then cmp dword ptr [ebx+edi*8], 6E83E51Eh | 1_2_00419770
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then cmp dword ptr [ebx+edi*8], B430E561h | 1_2_00419770
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then mov edx, dword ptr [ebp-10h] | 1_2_0043A777
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then movzx ecx, byte ptr [esp+eax-78E52646h] | 1_2_00409700
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then movzx edi, byte ptr [esp+eax-46h] | 1_2_00409700
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then movzx edx, byte ptr [esp+ecx+16h] | 1_2_00409700
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then mov byte ptr [esi], cl | 1_2_0042C726
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then mov byte ptr [esi], cl | 1_2_0042C735
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then mov byte ptr [edi], al | 1_2_0040CFF3
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then movzx eax, byte ptr [eax+ecx-6A653384h] | 1_2_0040CFF3
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then mov byte ptr [ebp+00h], al | 1_2_0041DF80
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then movzx edx, byte ptr [esi+eax-00000089h] | 1_2_0040D7A2
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then movzx edx, byte ptr [esi+eax-00000089h] | 1_2_0040D7A2
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then mov ecx, edx | 1_2_0076C030
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then cmp dword ptr [edi+ebp*8], 88822328h | 1_2_0079D0F7
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then movzx ecx, byte ptr [esp+eax+20h] | 1_2_007860F7
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then jmp eax | 1_2_007870E4
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then mov ecx, eax | 1_2_0078B0AF
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then mov ecx, eax | 1_2_0078B08B
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then mov ecx, eax | 1_2_0078B05B
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then mov byte ptr [ebp+00h], al | 1_2_0077E1E7
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then jmp eax | 1_2_0079C268
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then mov byte ptr [edi], al | 1_2_0076D25A
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then movzx eax, byte ptr [eax+ecx-6A653384h] | 1_2_0076D25A
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then cmp dword ptr [esi+ebp*8], B1025CF1h | 1_2_0079B2CF
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then movzx esi, byte ptr [esp+edx-57437DD5h] | 1_2_0079B2CF
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then cmp dword ptr [esi+ebp*8], B1025CF1h | 1_2_0079B2C4
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then movzx esi, byte ptr [esp+edx-57437DD5h] | 1_2_0079B2C4
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then cmp dword ptr [esi+ebp*8], B1025CF1h | 1_2_0079B2C2
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then movzx esi, byte ptr [esp+edx-57437DD5h] | 1_2_0079B2C2
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then movzx esi, byte ptr [esp+edx-57437DD5h] | 1_2_0079B3FC
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then cmp al, 2Eh | 1_2_007863B6
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then mov ebx, edi | 1_2_0077D4D7
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then lea eax, dword ptr [esp+18h] | 1_2_007854D1
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then cmp dword ptr [ecx+edi*8], 2298EE00h | 1_2_0079D557
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then movzx edx, word ptr [eax] | 1_2_0079D557
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then movzx edi, byte ptr [edx+eax-000000A8h] | 1_2_00776544
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then movzx ebx, byte ptr [edi+eax] | 1_2_0077554C
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then mov word ptr [eax], cx | 1_2_0077C528
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then cmp dword ptr [ebx+esi*8], B430E561h | 1_2_0078552B
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then cmp dword ptr [ebx+esi*8], B430E561h | 1_2_007855B3
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then mov word ptr [ebp+00h], 0000h | 1_2_0078559D
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then add ebp, dword ptr [esp+0Ch] | 1_2_0078A637
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then mov ecx, eax | 1_2_0078C6C3
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then movzx edx, byte ptr [esp+eax+000000B8h] | 1_2_0078B763
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then mov ecx, eax | 1_2_0078B763
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then jmp eax | 1_2_00786739
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then movzx edi, byte ptr [edx+eax-000000BFh] | 1_2_007777E9
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then mov ecx, dword ptr [esi+64h] | 1_2_007787DF
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then jmp ecx | 1_2_0079C79B
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then mov edx, eax | 1_2_00787797
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then movzx edx, byte ptr [esp+eax+000000B8h] | 1_2_0078B75E
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then mov ecx, eax | 1_2_0078B75E
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then cmp word ptr [ebx+ecx], 0000h | 1_2_00780817
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then mov ecx, eax | 1_2_00774806
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then mov byte ptr [esi], cl | 1_2_0078C8B1
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then movzx ebx, byte ptr [edx] | 1_2_00793897
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then movzx ecx, byte ptr [esp+eax-78E52646h] | 1_2_00769967
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then movzx edi, byte ptr [esp+eax-46h] | 1_2_00769967
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then movzx edx, byte ptr [esp+ecx+16h] | 1_2_00769967
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then mov byte ptr [esi], cl | 1_2_0078C94B
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then mov eax, edx | 1_2_0077C921
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then mov word ptr [eax], cx | 1_2_00776907
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then cmp dword ptr [esi+edx*8], A896961Ch | 1_2_007799D7
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then cmp dword ptr [edi+esi*8], 6E83E51Eh | 1_2_007799D7
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then cmp dword ptr [ebp+ebx*8+00h], 6E83E51Eh | 1_2_007799D7
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then cmp dword ptr [esi+edx*8], 67F3D776h | 1_2_007799D7
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then cmp dword ptr [edi+esi*8], 67F3D776h | 1_2_007799D7
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then cmp dword ptr [ebx+edi*8], B7C1BB11h | 1_2_007799D7
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then cmp dword ptr [ebx+edi*8], 6E83E51Eh | 1_2_007799D7
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then cmp dword ptr [ebx+edi*8], B430E561h | 1_2_007799D7
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then mov edx, dword ptr [ebp-10h] | 1_2_0079A9DE
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then movzx edi, byte ptr [esp+ecx+0233DBB1h] | 1_2_007889C0
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then mov byte ptr [esi], cl | 1_2_0078C99C
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then mov byte ptr [esi], cl | 1_2_0078C98D
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then movzx edx, byte ptr [esi+eax-00000089h] | 1_2_0076DA09
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then movzx edx, byte ptr [esi+eax-00000089h] | 1_2_0076DA09
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then movzx ebx, byte ptr [eax+ecx-3F9DFECCh] | 1_2_0076EAA2
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then movzx edx, byte ptr [esp+eax+38h] | 1_2_0076CB7E
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then cmp dword ptr [edi+esi*8], 67F3D776h | 1_2_00785BF7
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then movzx ecx, di | 1_2_00785BF7
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then mov ecx, eax | 1_2_0076ABA7
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then mov edx, ecx | 1_2_0076ABA7
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then cmp dword ptr [ebx+edi*8], A269EEEFh | 1_2_00796C3B
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then movzx ebx, byte ptr [ecx+edx] | 1_2_0077EC17
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then mov ebx, dword ptr [edi+04h] | 1_2_00789C17
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then movsx eax, byte ptr [esi] | 1_2_0079BC08
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then mov esi, eax | 1_2_00783C9B
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then mov ecx, eax | 1_2_0079AD19
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then cmp dword ptr [edi+edx*8], CAA82E26h | 1_2_0079CD87
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then mov ebp, dword ptr [eax] | 1_2_00796E67
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then mov word ptr [eax], dx | 1_2_00775F79
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then mov ecx, eax | 1_2_00781F77
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then mov word ptr [ebx], dx | 1_2_00778F35
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then mov word ptr [ebx], cx | 1_2_00778F35
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then cmp dword ptr [edi+ebp*8], E88DDEA1h | 1_2_0079CFC7
Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 4x nop then movzx edi, byte ptr [edx+ecx] | 1_2_0076DF8C

                Networking

                Source: Network traffic | Suricata IDS: 2058578 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (hummskitnj .buzz) : 192.168.2.11:50459 -> 1.1.1.1:53
                Source: Network traffic | Suricata IDS: 2058580 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (inherineau .buzz) : 192.168.2.11:54547 -> 1.1.1.1:53
                Source: Network traffic | Suricata IDS: 2058590 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (screwamusresz .buzz) : 192.168.2.11:62219 -> 1.1.1.1:53
                Source: Network traffic | Suricata IDS: 2058576 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (cashfuzysao .buzz) : 192.168.2.11:53000 -> 1.1.1.1:53
                Source: Network traffic | Suricata IDS: 2058586 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (rebuildeso .buzz) : 192.168.2.11:53818 -> 1.1.1.1:53
                Source: Network traffic | Suricata IDS: 2058584 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (prisonyfork .buzz) : 192.168.2.11:64697 -> 1.1.1.1:53
                Source: Network traffic | Suricata IDS: 2058588 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (scentniej .buzz) : 192.168.2.11:59887 -> 1.1.1.1:53
                Source: Network traffic | Suricata IDS: 2058572 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (appliacnesot .buzz) : 192.168.2.11:49390 -> 1.1.1.1:53
                Source: Network traffic | Suricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.11:49706 -> 104.102.49.254:443
                Source: Malware configuration extractor | URLs: prisonyfork.buzz
                Source: Malware configuration extractor | URLs: rebuildeso.buzz
                Source: Malware configuration extractor | URLs: screwamusresz.buzz
                Source: Malware configuration extractor | URLs: inherineau.buzz
                Source: Malware configuration extractor | URLs: scentniej.buzz
                Source: Malware configuration extractor | URLs: hummskitnj.buzz
                Source: Malware configuration extractor | URLs: cashfuzysao.buzz
                Source: Malware configuration extractor | URLs: appliacnesot.buzz
                Source: Joe Sandbox View | IP Address: 104.102.49.254 104.102.49.254
                Source: Joe Sandbox View | JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
                Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.11:49706 -> 104.102.49.254:443
                Source: global traffic | HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
                Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: global traffic | HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
                Source: ZxSWvC0Tz7.exe, 00000001.00000003.1298851937.000000000085B000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
                Source: ZxSWvC0Tz7.exe, 00000001.00000002.1454551074.000000000083B000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: Content-Security-Policydefault-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C185ce35c568ebbb18a145d0cabae7186; Path=/; Secure; HttpOnly; SameSite=Nonesessionid=ac8bafdcc114c79838a6348f; Path=/; Secure; SameSite=NoneSet-CookienginxServerRetry-AfterProxy-SupportProxy-AuthenticateP3PLocationETagAuthentication-InfoAgeAccept-RangesLast-ModifiedMon, 26 Jul 1997 05:00:00 GMTExpiresContent-RangeContent-MD5Content-LocationContent-LanguageContent-Encodingtext/html; charset=UTF-8Content-Type35121Content-LengthAllowWarningViaUpgradeTransfer-EncodingTrailerPragmaKeep-AliveSat, 04 Jan 2025 14:34:06 GMTDateProxy-ConnectioncloseConnectionno-cacheCache-Control equals www.youtube.com (Youtube)
                Source: ZxSWvC0Tz7.exe, 00000001.00000002.1454551074.000000000083B000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
                Source: global traffic | DNS traffic detected: DNS query: cashfuzysao.buzz
                Source: global traffic | DNS traffic detected: DNS query: prisonyfork.buzz
                Source: global traffic | DNS traffic detected: DNS query: rebuildeso.buzz
                Source: global traffic | DNS traffic detected: DNS query: scentniej.buzz
                Source: global traffic | DNS traffic detected: DNS query: inherineau.buzz
                Source: global traffic | DNS traffic detected: DNS query: screwamusresz.buzz
                Source: global traffic | DNS traffic detected: DNS query: appliacnesot.buzz
                Source: global traffic | DNS traffic detected: DNS query: hummskitnj.buzz
                Source: global traffic | DNS traffic detected: DNS query: steamcommunity.com
                Source: global traffic | DNS traffic detected: DNS query: lev-tolstoi.com
                Source: ZxSWvC0Tz7.exe, 00000001.00000002.1454551074.000000000083B000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://127.0.0.1:27060
                Source: ZxSWvC0Tz7.exe, 00000001.00000003.1298440335.000000000082E000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298414206.000000000088C000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000881000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000887000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000002.1454764694.0000000000895000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
                Source: ZxSWvC0Tz7.exe, 00000001.00000003.1298440335.000000000082E000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298414206.000000000088C000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000881000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000887000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298851937.0000000000835000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000002.1454764694.0000000000895000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://store.steampowered.com/privacy_agreement/
                Source: ZxSWvC0Tz7.exe, 00000001.00000003.1298440335.000000000082E000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298414206.000000000088C000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000881000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000887000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298851937.0000000000835000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000002.1454764694.0000000000895000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://store.steampowered.com/subscriber_agreement/
                Source: Amcache.hve.9.dr | String found in binary or memory: http://upx.sf.net
                Source: ZxSWvC0Tz7.exe, 00000001.00000003.1298414206.000000000088C000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000887000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://www.valvesoftware.com/legal.htm
                Source: ZxSWvC0Tz7.exe, 00000001.00000002.1454551074.000000000083B000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://api.steampowered.com/
                Source: ZxSWvC0Tz7.exe, 00000001.00000002.1454551074.00000000007FC000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298440335.00000000007FC000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://appliacnesot.buzz/api
                Source: ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000887000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298851937.0000000000835000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://avatars.fastly.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg
                Source: ZxSWvC0Tz7.exe, 00000001.00000002.1454551074.000000000083B000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://broadcast.st.dl.eccdnx.com
                Source: ZxSWvC0Tz7.exe, 00000001.00000002.1454551074.00000000007FC000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298440335.00000000007FC000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://cashfuzysao.buzz/api
                Source: ZxSWvC0Tz7.exe, 00000001.00000002.1454551074.000000000083B000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/
                Source: ZxSWvC0Tz7.exe, 00000001.00000002.1454551074.000000000083B000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://checkout.steampowered.com/
                Source: ZxSWvC0Tz7.exe, 00000001.00000002.1454551074.000000000083B000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/
                Source: ZxSWvC0Tz7.exe, 00000001.00000003.1298440335.000000000082E000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298414206.000000000088C000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000881000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000887000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298851937.0000000000835000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/css/applications/community/main.css?v=Lj6X7NKUMfzk&a
                Source: ZxSWvC0Tz7.exe, 00000001.00000003.1298414206.000000000088C000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000881000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000887000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/css/globalv2.css?v=hzEgqbtRcI5V&l=english&_c
                Source: ZxSWvC0Tz7.exe, 00000001.00000003.1298414206.000000000088C000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000881000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000887000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/css/promo/summer2017/stickers.css?v=Ncr6N09yZIap&amp
                Source: ZxSWvC0Tz7.exe, 00000001.00000003.1298414206.000000000088C000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000881000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000887000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/header.css?v=EM4kCu67DNda&l=english&a
                Source: ZxSWvC0Tz7.exe, 00000001.00000003.1298414206.000000000088C000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000881000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000887000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/modalContent.css?v=WXAusLHclDIt&l=eng
                Source: ZxSWvC0Tz7.exe, 00000001.00000003.1298414206.000000000088C000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000881000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000887000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/profilev2.css?v=fe66ET2uI50l&l=englis
                Source: ZxSWvC0Tz7.exe, 00000001.00000003.1298440335.000000000082E000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298414206.000000000088C000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000881000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000887000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298851937.0000000000835000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
                Source: ZxSWvC0Tz7.exe, 00000001.00000003.1298440335.000000000082E000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298414206.000000000088C000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000881000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000887000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298851937.0000000000835000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000002.1454764694.0000000000895000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
                Source: ZxSWvC0Tz7.exe, 00000001.00000003.1298440335.000000000082E000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298414206.000000000088C000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000881000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000887000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298851937.0000000000835000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6
                Source: ZxSWvC0Tz7.exe, 00000001.00000003.1298440335.000000000082E000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298414206.000000000088C000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000881000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000887000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298851937.0000000000835000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/main.js?v=_92TWn81
                Source: ZxSWvC0Tz7.exe, 00000001.00000003.1298440335.000000000082E000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298414206.000000000088C000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000881000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000887000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298851937.0000000000835000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/manifest.js?v=FRRi
                Source: ZxSWvC0Tz7.exe, 00000001.00000003.1298414206.000000000088C000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000881000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000887000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/global.js?v=jWc2JLWHx5Kn&l=english&am
                Source: ZxSWvC0Tz7.exe, 00000001.00000003.1298414206.000000000088C000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000881000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000887000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=gQHVlrK4-jX-&l
                Source: ZxSWvC0Tz7.exe, 00000001.00000003.1298414206.000000000088C000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000881000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000887000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/modalContent.js?v=uqf5ttWTRe7l&l=engl
                Source: ZxSWvC0Tz7.exe, 00000001.00000003.1298414206.000000000088C000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000881000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000887000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/modalv2.js?v=zBXEuexVQ0FZ&l=english&a
                Source: ZxSWvC0Tz7.exe, 00000001.00000003.1298414206.000000000088C000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000881000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000887000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/profile.js?v=GeQ6v03mWpAc&l=english&a
                Source: ZxSWvC0Tz7.exe, 00000001.00000003.1298414206.000000000088C000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000881000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000887000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/promo/stickers.js?v=CcLRHsa04otQ&l=en
                Source: ZxSWvC0Tz7.exe, 00000001.00000003.1298414206.000000000088C000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000881000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000887000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&l=eng
                Source: ZxSWvC0Tz7.exe, 00000001.00000003.1298414206.000000000088C000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000881000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000887000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/reportedcontent.js?v=-lZqrarogJr8&l=e
                Source: ZxSWvC0Tz7.exe, 00000001.00000003.1298414206.000000000088C000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000881000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000887000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcDIgbC
                Source: ZxSWvC0Tz7.exe, 00000001.00000003.1298414206.000000000088C000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000881000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000887000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/webui/clientcom.js?v=oOCAGrkRfpQ6&l=e
                Source: ZxSWvC0Tz7.exe, 00000001.00000003.1298414206.000000000088C000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000881000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000887000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/buttons.css?v=qhQgyjWi6LgJ&l=english&
                Source: ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000887000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/motiva_sans.css?v=-yZgCk0Nu7kH&l=engl
                Source: ZxSWvC0Tz7.exe, 00000001.00000003.1298414206.000000000088C000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000881000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000887000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_global.css?v=wuA4X_n5-mo0&l=en
                Source: ZxSWvC0Tz7.exe, 00000001.00000003.1298414206.000000000088C000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000881000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000887000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_responsive.css?v=JL1e4uQSrVGe&
                Source: ZxSWvC0Tz7.exe, 00000001.00000003.1298414206.000000000088C000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000887000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
                Source: ZxSWvC0Tz7.exe, 00000001.00000003.1298414206.000000000088C000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000887000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_logo.png
                Source: ZxSWvC0Tz7.exe, 00000001.00000003.1298414206.000000000088C000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000887000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
                Source: ZxSWvC0Tz7.exe, 00000001.00000003.1298414206.000000000088C000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000887000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
                Source: ZxSWvC0Tz7.exe, 00000001.00000003.1298414206.000000000088C000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000887000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/auth_refresh.js?v=w6QbwI-5-j2S&amp
                Source: ZxSWvC0Tz7.exe, 00000001.00000003.1298414206.000000000088C000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000881000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000887000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_global.js?v=Gr6TbGRvDtNE&am
                Source: ZxSWvC0Tz7.exe, 00000001.00000003.1298414206.000000000088C000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000881000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000887000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=tvQ
                Source: ZxSWvC0Tz7.exe, 00000001.00000003.1298414206.000000000088C000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000881000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000887000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&l=en
                Source: ZxSWvC0Tz7.exe, 00000001.00000002.1454551074.000000000083B000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://help.steampowered.com/
                Source: ZxSWvC0Tz7.exe, 00000001.00000003.1298414206.000000000088C000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000887000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://help.steampowered.com/en/
                Source: ZxSWvC0Tz7.exe, 00000001.00000002.1454551074.00000000007FC000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298440335.00000000007FC000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://hummskitnj.buzz/api
                Source: ZxSWvC0Tz7.exe, 00000001.00000002.1454551074.00000000007FC000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298440335.00000000007FC000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://inherineau.buzz/apir
                Source: ZxSWvC0Tz7.exe, 00000001.00000002.1454551074.000000000085B000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298851937.000000000085B000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://lev-tolstoi.com/
                Source: ZxSWvC0Tz7.exe, 00000001.00000002.1454551074.000000000085B000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298851937.000000000085B000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://lev-tolstoi.com/api
                Source: ZxSWvC0Tz7.exe, 00000001.00000002.1454551074.00000000007FC000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298440335.00000000007FC000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://lev-tolstoi.com/apij
                Source: ZxSWvC0Tz7.exe, 00000001.00000002.1454551074.000000000085B000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298851937.000000000085B000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://lev-tolstoi.com/ote.co
                Source: ZxSWvC0Tz7.exe, 00000001.00000002.1454551074.000000000085B000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298851937.000000000085B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/pi
                Source: ZxSWvC0Tz7.exe, 00000001.00000002.1454551074.000000000083B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.steampowered.com/
                Source: ZxSWvC0Tz7.exe, 00000001.00000002.1454551074.000000000083B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lv.queniujq.cn
                Source: ZxSWvC0Tz7.exe, 00000001.00000002.1454551074.000000000083B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://medal.tv
                Source: ZxSWvC0Tz7.exe, 00000001.00000002.1454551074.000000000083B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://player.vimeo.com
                Source: ZxSWvC0Tz7.exe, 00000001.00000002.1454551074.000000000083B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net
                Source: ZxSWvC0Tz7.exe, 00000001.00000002.1454551074.000000000083B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net/recaptcha/;
                Source: ZxSWvC0Tz7.exe, 00000001.00000002.1454551074.000000000083B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://s.ytimg.com;
                Source: ZxSWvC0Tz7.exe, 00000001.00000002.1454551074.000000000083B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sketchfab.com
                Source: ZxSWvC0Tz7.exe, 00000001.00000002.1454551074.000000000083B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steam.tv/
                Source: ZxSWvC0Tz7.exe, 00000001.00000002.1454551074.000000000083B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast-test.akamaized.net
                Source: ZxSWvC0Tz7.exe, 00000001.00000002.1454551074.000000000083B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast.akamaized.net
                Source: ZxSWvC0Tz7.exe, 00000001.00000002.1454551074.000000000083B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcastchat.akamaized.net
                Source: ZxSWvC0Tz7.exe, 00000001.00000002.1454551074.000000000083B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/
                Source: ZxSWvC0Tz7.exe, 00000001.00000002.1454551074.00000000007FC000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298440335.00000000007FC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/:
                Source: ZxSWvC0Tz7.exe, 00000001.00000003.1298414206.000000000088C000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000887000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
                Source: ZxSWvC0Tz7.exe, 00000001.00000002.1454551074.00000000007FC000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298440335.00000000007FC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/b
                Source: ZxSWvC0Tz7.exe, 00000001.00000003.1298414206.000000000088C000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000887000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/discussions/
                Source: ZxSWvC0Tz7.exe, 00000001.00000002.1454551074.00000000007FC000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298440335.00000000007FC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/e
                Source: ZxSWvC0Tz7.exe, 00000001.00000003.1298440335.000000000082E000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298414206.000000000088C000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000881000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000887000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298851937.0000000000835000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000002.1454764694.0000000000895000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
                Source: ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000887000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
                Source: ZxSWvC0Tz7.exe, 00000001.00000003.1298414206.000000000088C000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000887000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/market/
                Source: ZxSWvC0Tz7.exe, 00000001.00000003.1298414206.000000000088C000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000887000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/my/wishlist/
                Source: ZxSWvC0Tz7.exe, 00000001.00000002.1454551074.00000000007FC000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298440335.00000000007FC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900
                Source: ZxSWvC0Tz7.exe, 00000001.00000003.1298440335.000000000082E000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298414206.000000000088C000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000881000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000887000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298851937.0000000000835000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/badges
                Source: ZxSWvC0Tz7.exe, 00000001.00000003.1298440335.000000000082E000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298414206.000000000088C000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000881000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000887000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298851937.0000000000835000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/inventory/
                Source: ZxSWvC0Tz7.exe, 00000001.00000002.1454551074.00000000007FC000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298440335.00000000007FC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900u
                Source: ZxSWvC0Tz7.exe, 00000001.00000003.1298414206.000000000088C000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000887000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/workshop/
                Source: ZxSWvC0Tz7.exe, 00000001.00000002.1454551074.000000000083B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/
                Source: ZxSWvC0Tz7.exe, 00000001.00000003.1298851937.000000000083B000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000002.1454551074.000000000085B000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298851937.000000000085B000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000002.1454551074.000000000083B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/;
                Source: ZxSWvC0Tz7.exe, 00000001.00000003.1298851937.000000000083B000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000002.1454551074.000000000083B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C185ce35c568ebbb
                Source: ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000887000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/about/
                Source: ZxSWvC0Tz7.exe, 00000001.00000003.1298414206.000000000088C000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000887000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/explore/
                Source: ZxSWvC0Tz7.exe, 00000001.00000003.1298440335.000000000082E000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298414206.000000000088C000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000881000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000887000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298851937.0000000000835000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000002.1454764694.0000000000895000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/legal/
                Source: ZxSWvC0Tz7.exe, 00000001.00000003.1298414206.000000000088C000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000887000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/mobile
                Source: ZxSWvC0Tz7.exe, 00000001.00000003.1298414206.000000000088C000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000887000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/news/
                Source: ZxSWvC0Tz7.exe, 00000001.00000003.1298414206.000000000088C000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000887000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/points/shop/
                Source: ZxSWvC0Tz7.exe, 00000001.00000003.1298414206.000000000088C000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000887000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/privacy_agreement/
                Source: ZxSWvC0Tz7.exe, 00000001.00000003.1298414206.000000000088C000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000887000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/stats/
                Source: ZxSWvC0Tz7.exe, 00000001.00000003.1298414206.000000000088C000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000887000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/steam_refunds/
                Source: ZxSWvC0Tz7.exe, 00000001.00000003.1298414206.000000000088C000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000887000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/subscriber_agreement/
                Source: ZxSWvC0Tz7.exe, 00000001.00000002.1454551074.000000000083B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
                Source: ZxSWvC0Tz7.exe, 00000001.00000002.1454551074.000000000083B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/recaptcha/
                Source: ZxSWvC0Tz7.exe, 00000001.00000002.1454551074.000000000083B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.cn/recaptcha/
                Source: ZxSWvC0Tz7.exe, 00000001.00000002.1454551074.000000000083B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/recaptcha/
                Source: ZxSWvC0Tz7.exe, 00000001.00000003.1298414206.000000000088C000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000887000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
                Source: ZxSWvC0Tz7.exe, 00000001.00000002.1454551074.000000000083B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com
                Source: ZxSWvC0Tz7.exe, 00000001.00000002.1454551074.000000000083B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/
                Source: unknown; Network traffic detected: HTTP traffic on port 49706 -> 443
                Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49706
                Source: unknown; HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.11:49706 version: TLS 1.2
                Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe; Code function: 1_2_004310D0 OpenClipboard,GetWindowLongW,GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard, 1_2_004310D0
                Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe; Code function: 1_2_00431839 GetDC,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetCurrentObject,GetObjectW,DeleteObject,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt, 1_2_00431839

                System Summary

                Source: 00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY; Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
                Source: 00000001.00000002.1454359556.0000000000730000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY; Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
                Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exeCode function: String function: 00414060 appears 74 times
                Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exeCode function: String function: 00407F70 appears 46 times
                Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exeCode function: String function: 007681D7 appears 78 times
                Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exeCode function: String function: 007742C7 appears 74 times
                Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6640 -s 972
                Source: ZxSWvC0Tz7.exe, 00000001.00000003.1280629684.000000000082F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamesOriginal4 vs ZxSWvC0Tz7.exe
                Source: ZxSWvC0Tz7.exe, 00000001.00000000.1270714908.0000000000449000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenamesOriginal4 vs ZxSWvC0Tz7.exe
                Source: ZxSWvC0Tz7.exeBinary or memory string: OriginalFilenamesOriginal4 vs ZxSWvC0Tz7.exe
                Source: ZxSWvC0Tz7.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: 00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
                Source: 00000001.00000002.1454359556.0000000000730000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
                Source: ZxSWvC0Tz7.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: classification engineClassification label: mal100.troj.evad.winEXE@2/5@10/1
                Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exeCode function: 1_2_007307A6 CreateToolhelp32Snapshot,Module32First,1_2_007307A6
                Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exeCode function: 1_2_004361E0 CoCreateInstance,SysAllocString,CoSetProxyBlanket,SysAllocString,SysAllocString,VariantInit,VariantClear,SysFreeString,SysFreeString,SysFreeString,SysFreeString,1_2_004361E0
                Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6640
                Source: C:\Windows\SysWOW64\WerFault.exeFile created: C:\ProgramData\Microsoft\Windows\WER\Temp\2e999603-f5ab-4465-914a-b9ccec3796d9Jump to behavior
                Source: ZxSWvC0Tz7.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                Source: ZxSWvC0Tz7.exeVirustotal: Detection: 40%
                Source: ZxSWvC0Tz7.exeReversingLabs: Detection: 55%
                Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exeFile read: C:\Users\user\Desktop\ZxSWvC0Tz7.exeJump to behavior
                Source: unknownProcess created: C:\Users\user\Desktop\ZxSWvC0Tz7.exe "C:\Users\user\Desktop\ZxSWvC0Tz7.exe"
                Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6640 -s 972
                Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exeSection loaded: apphelp.dllJump to behavior
                Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exeSection loaded: msimg32.dllJump to behavior
                Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exeSection loaded: msvcr100.dllJump to behavior
                Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exeSection loaded: winhttp.dllJump to behavior
                Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exeSection loaded: webio.dllJump to behavior
                Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exeSection loaded: mswsock.dllJump to behavior
                Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exeSection loaded: iphlpapi.dllJump to behavior
                Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exeSection loaded: winnsi.dllJump to behavior
                Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exeSection loaded: dnsapi.dllJump to behavior
                Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exeSection loaded: rasadhlp.dllJump to behavior
                Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exeSection loaded: fwpuclnt.dllJump to behavior
                Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exeSection loaded: schannel.dllJump to behavior
                Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exeSection loaded: mskeyprotect.dllJump to behavior
                Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exeSection loaded: ntasn1.dllJump to behavior
                Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exeSection loaded: ncrypt.dllJump to behavior
                Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exeSection loaded: ncryptsslp.dllJump to behavior
                Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exeSection loaded: msasn1.dllJump to behavior
                Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exeSection loaded: cryptsp.dllJump to behavior
                Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exeSection loaded: rsaenh.dllJump to behavior
                Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exeSection loaded: gpapi.dllJump to behavior
                Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exeSection loaded: dpapi.dllJump to behavior
                Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exeFile opened: C:\Windows\SysWOW64\msvcr100.dllJump to behavior

                Data Obfuscation

                Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Unpacked PE file: 1.2.ZxSWvC0Tz7.exe.400000.0.unpack .text:ER;.data:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.CRT:R;.reloc:R;
                Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Unpacked PE file: 1.2.ZxSWvC0Tz7.exe.400000.0.unpack
                Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 1_2_0043F83E push es; retf 1_2_0043F83F
                Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 1_2_0041ACF6 push esp; iretd 1_2_0041ACFF
                Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 1_2_00444520 push ebp; ret 1_2_00444522
                Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 1_2_0043BF00 push eax; mov dword ptr [esp], 49484716h 1_2_0043BF01
                Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 1_2_007331F5 pushad ; ret 1_2_007331FA
                Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 1_2_0073347B push ebp; ret 1_2_00733480
                Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 1_2_0079C167 push eax; mov dword ptr [esp], 49484716h 1_2_0079C168
                Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 1_2_0079F6A5 push es; retf 1_2_0079F6A6
                Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 1_2_0077AF5D push esp; iretd 1_2_0077AF66
                Source: ZxSWvC0Tz7.exe | Static PE information: section name: .text entropy: 7.823726979549338
                Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe TID: 3472 | Thread sleep time: -60000s >= -30000s
                Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe TID: 3472 | Thread sleep time: -30000s >= -30000s
                Source: Amcache.hve.9.dr | Binary or memory string: VMware
                Source: Amcache.hve.9.dr | Binary or memory string: VMware-42 27 b7 a3 1e b0 86 f3-0a fe 06 07 d0 80 07 92
                Source: Amcache.hve.9.dr | Binary or memory string: VMware Virtual USB Mouse
                Source: Amcache.hve.9.dr | Binary or memory string: vmci.syshbin
                Source: Amcache.hve.9.dr | Binary or memory string: VMware, Inc.
                Source: Amcache.hve.9.dr | Binary or memory string: VMware20,1hbin@
                Source: Amcache.hve.9.dr | Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
                Source: Amcache.hve.9.dr | Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                Source: Amcache.hve.9.dr | Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
                Source: ZxSWvC0Tz7.exe, 00000001.00000003.1298851937.000000000083B000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000002.1454551074.000000000083B000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000002.1454449256.00000000007EB000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW
                Source: Amcache.hve.9.dr | Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                Source: Amcache.hve.9.dr | Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
                Source: Amcache.hve.9.dr | Binary or memory string: c:/windows/system32/drivers/vmci.sys
                Source: Amcache.hve.9.dr | Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                Source: Amcache.hve.9.dr | Binary or memory string: vmci.sys
                Source: Amcache.hve.9.dr | Binary or memory string: vmci.syshbin`
                Source: Amcache.hve.9.dr | Binary or memory string: \driver\vmci,\driver\pci
                Source: ZxSWvC0Tz7.exe, 00000001.00000003.1298851937.000000000083B000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000002.1454551074.000000000083B000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW1q7
                Source: Amcache.hve.9.dr | Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                Source: Amcache.hve.9.dr | Binary or memory string: VMware20,1
                Source: Amcache.hve.9.dr | Binary or memory string: Microsoft Hyper-V Generation Counter
                Source: Amcache.hve.9.dr | Binary or memory string: NECVMWar VMware SATA CD00
                Source: Amcache.hve.9.dr | Binary or memory string: VMware Virtual disk SCSI Disk Device
                Source: Amcache.hve.9.dr | Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
                Source: Amcache.hve.9.dr | Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
                Source: Amcache.hve.9.dr | Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
                Source: Amcache.hve.9.dr | Binary or memory string: VMware PCI VMCI Bus Device
                Source: Amcache.hve.9.dr | Binary or memory string: VMware VMCI Bus Device
                Source: Amcache.hve.9.dr | Binary or memory string: VMware Virtual RAM
                Source: Amcache.hve.9.dr | Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
                Source: Amcache.hve.9.dr | Binary or memory string: vmci.inf_amd64_68ed49469341f563
                Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 1_2_0043A9B0 LdrInitializeThunk, 1_2_0043A9B0
                Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 1_2_00730083 push dword ptr fs:[00000030h] 1_2_00730083
                Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 1_2_0076092B mov eax, dword ptr fs:[00000030h] 1_2_0076092B
                Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Code function: 1_2_00760D90 mov eax, dword ptr fs:[00000030h] 1_2_00760D90

                HIPS / PFW / Operating System Protection Evasion

                Source: ZxSWvC0Tz7.exe | String found in binary or memory: hummskitnj.buzz
                Source: ZxSWvC0Tz7.exe | String found in binary or memory: cashfuzysao.buzz
                Source: ZxSWvC0Tz7.exe | String found in binary or memory: appliacnesot.buzz
                Source: ZxSWvC0Tz7.exe | String found in binary or memory: screwamusresz.buzz
                Source: ZxSWvC0Tz7.exe | String found in binary or memory: inherineau.buzz
                Source: ZxSWvC0Tz7.exe | String found in binary or memory: scentniej.buzz
                Source: ZxSWvC0Tz7.exe | String found in binary or memory: rebuildeso.buzz
                Source: ZxSWvC0Tz7.exe | String found in binary or memory: prisonyfork.buzz
                Source: C:\Users\user\Desktop\ZxSWvC0Tz7.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                Source: Amcache.hve.9.dr | Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
                Source: Amcache.hve.9.dr | Binary or memory string: msmpeng.exe
                Source: Amcache.hve.9.dr | Binary or memory string: c:\program files\windows defender\msmpeng.exe
                Source: Amcache.hve.9.dr | Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23090.2008-0\msmpeng.exe
                Source: Amcache.hve.9.dr | Binary or memory string: MsMpEng.exe

                Stealing of Sensitive Information

                Source: Yara match | File source: decrypted.memstr, type: MEMORYSTR
                Source: Yara match | File source: 1.2.ZxSWvC0Tz7.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 1.2.ZxSWvC0Tz7.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 1.3.ZxSWvC0Tz7.exe.2160000.0.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 1.3.ZxSWvC0Tz7.exe.2160000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
                Source: Yara match | File source: 00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000001.00000003.1280248883.0000000002160000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

                Remote Access Functionality

                Source: Yara match | File source: decrypted.memstr, type: MEMORYSTR
                Source: Yara match | File source: 1.2.ZxSWvC0Tz7.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 1.2.ZxSWvC0Tz7.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 1.3.ZxSWvC0Tz7.exe.2160000.0.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 1.3.ZxSWvC0Tz7.exe.2160000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
                Source: Yara match | File source: 00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000001.00000003.1280248883.0000000002160000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

                MITRE ATT&CK Matrix (techniques listed per tactic; a leading number is the count of matching signatures, techniques without a number had no match)

                Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties
                Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet
                Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media
                Execution: 1 PowerShell; Scheduled Task/Job; At; Cron; Launchd; Scheduled Task
                Persistence: 1 DLL Side-Loading; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts
                Privilege Escalation: 1 Process Injection; 1 DLL Side-Loading; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts
                Defense Evasion: 1 Virtualization/Sandbox Evasion; 1 Process Injection; 11 Deobfuscate/Decode Files or Information; 4 Obfuscated Files or Information; 22 Software Packing; 1 DLL Side-Loading
                Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials
                Discovery: 11 Security Software Discovery; 1 Virtualization/Sandbox Evasion; 1 Process Discovery; 2 System Information Discovery; Internet Connection Discovery; Wi-Fi Discovery
                Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC
                Collection: 1 Screen Capture; 1 Archive Collected Data; 2 Clipboard Data; Input Capture; Keylogging; GUI Input Capture
                Command and Control: 11 Encrypted Channel; 1 Ingress Tool Transfer; 2 Non-Application Layer Protocol; 113 Application Layer Protocol; Fallback Channels; Multiband Communication
                Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits
                Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop
                Source | Detection | Scanner | Label
                ZxSWvC0Tz7.exe | 40% | Virustotal |
                ZxSWvC0Tz7.exe | 55% | ReversingLabs | Win32.Trojan.CrypterX
                ZxSWvC0Tz7.exe | 100% | Avira | HEUR/AGEN.1306978
                ZxSWvC0Tz7.exe | 100% | Joe Sandbox ML |
                No Antivirus matches
                No Antivirus matches
                No Antivirus matches
                Source | Detection | Scanner | Label
                https://inherineau.buzz/apir | 100% | Avira URL Cloud | malware
                https://appliacnesot.buzz/api | 100% | Avira URL Cloud | malware
                https://lev-tolstoi.com/apij | 100% | Avira URL Cloud | malware
                https://cashfuzysao.buzz/api | 100% | Avira URL Cloud | malware
                https://lev-tolstoi.com/ote.co | 100% | Avira URL Cloud | malware
                https://hummskitnj.buzz/api | 100% | Avira URL Cloud | malware
                Name | IP | Active | Malicious | Antivirus Detection | Reputation
                steamcommunity.com | 104.102.49.254 | true | false | | high
                cashfuzysao.buzz | unknown | unknown | false | | high
                lev-tolstoi.com | unknown | unknown | false | | high
                scentniej.buzz | unknown | unknown | false | | high
                inherineau.buzz | unknown | unknown | false | | high
                prisonyfork.buzz | unknown | unknown | false | | high
                rebuildeso.buzz | unknown | unknown | false | | high
                appliacnesot.buzz | unknown | unknown | false | | high
                hummskitnj.buzz | unknown | unknown | false | | high
                screwamusresz.buzz | unknown | unknown | false | | high
                Name | Malicious | Antivirus Detection | Reputation
                scentniej.buzz | false | | high
                https://steamcommunity.com/profiles/76561199724331900 | false | | high
                rebuildeso.buzz | false | | high
                appliacnesot.buzz | false | | high
                screwamusresz.buzz | false | | high
                cashfuzysao.buzz | false | | high
                inherineau.buzz | false | | high
                hummskitnj.buzz | false | | high
                prisonyfork.buzz | false | | high
Name | Source | Malicious | Antivirus Detection | Reputation
https://community.fastly.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png | ZxSWvC0Tz7.exe, 00000001.00000003.1298414206.000000000088C000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000887000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://player.vimeo.com | ZxSWvC0Tz7.exe, 00000001.00000002.1454551074.000000000083B000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://community.fastly.steamstatic.com/public/css/promo/summer2017/stickers.css?v=Ncr6N09yZIap&amp | ZxSWvC0Tz7.exe, 00000001.00000003.1298414206.000000000088C000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000881000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000887000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://steamcommunity.com/?subsection=broadcasts | ZxSWvC0Tz7.exe, 00000001.00000003.1298414206.000000000088C000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000887000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://inherineau.buzz/apir | ZxSWvC0Tz7.exe, 00000001.00000002.1454551074.00000000007FC000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298440335.00000000007FC000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: malware | unknown
https://store.steampowered.com/subscriber_agreement/ | ZxSWvC0Tz7.exe, 00000001.00000003.1298414206.000000000088C000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000887000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://www.gstatic.cn/recaptcha/ | ZxSWvC0Tz7.exe, 00000001.00000002.1454551074.000000000083B000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://www.valvesoftware.com/legal.htm | ZxSWvC0Tz7.exe, 00000001.00000003.1298414206.000000000088C000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000887000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://community.fastly.steamstatic.com/public/shared/css/shared_global.css?v=wuA4X_n5-mo0&l=en | ZxSWvC0Tz7.exe, 00000001.00000003.1298414206.000000000088C000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000881000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000887000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://www.youtube.com | ZxSWvC0Tz7.exe, 00000001.00000002.1454551074.000000000083B000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://www.google.com | ZxSWvC0Tz7.exe, 00000001.00000002.1454551074.000000000083B000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback | ZxSWvC0Tz7.exe, 00000001.00000003.1298414206.000000000088C000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000887000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://community.fastly.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6 | ZxSWvC0Tz7.exe, 00000001.00000003.1298440335.000000000082E000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298414206.000000000088C000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000881000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000887000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298851937.0000000000835000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ | ZxSWvC0Tz7.exe, 00000001.00000002.1454551074.000000000083B000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://community.fastly.steamstatic.com/public/shared/css/motiva_sans.css?v=-yZgCk0Nu7kH&l=engl | ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000887000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://community.fastly.steamstatic.com/public/css/skin_1/profilev2.css?v=fe66ET2uI50l&l=englis | ZxSWvC0Tz7.exe, 00000001.00000003.1298414206.000000000088C000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000881000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000887000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://community.fastly.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcDIgbC | ZxSWvC0Tz7.exe, 00000001.00000003.1298414206.000000000088C000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000881000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000887000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://s.ytimg.com; | ZxSWvC0Tz7.exe, 00000001.00000002.1454551074.000000000083B000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://community.fastly.steamstatic.com/public/javascript/applications/community/manifest.js?v=FRRi | ZxSWvC0Tz7.exe, 00000001.00000003.1298440335.000000000082E000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298414206.000000000088C000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000881000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000887000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298851937.0000000000835000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://community.fastly.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1 | ZxSWvC0Tz7.exe, 00000001.00000003.1298440335.000000000082E000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298414206.000000000088C000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000881000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000887000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298851937.0000000000835000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000002.1454764694.0000000000895000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://community.fastly.steamstatic.com/public/shared/css/buttons.css?v=qhQgyjWi6LgJ&l=english& | ZxSWvC0Tz7.exe, 00000001.00000003.1298414206.000000000088C000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000881000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000887000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://community.fastly.steamstatic.com/ | ZxSWvC0Tz7.exe, 00000001.00000002.1454551074.000000000083B000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://steam.tv/ | ZxSWvC0Tz7.exe, 00000001.00000002.1454551074.000000000083B000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://steamcommunity.com/profiles/76561199724331900u | ZxSWvC0Tz7.exe, 00000001.00000002.1454551074.00000000007FC000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298440335.00000000007FC000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://community.fastly.steamstatic.com/public/javascript/promo/stickers.js?v=CcLRHsa04otQ&l=en | ZxSWvC0Tz7.exe, 00000001.00000003.1298414206.000000000088C000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000881000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000887000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://lev-tolstoi.com/ | ZxSWvC0Tz7.exe, 00000001.00000002.1454551074.000000000085B000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298851937.000000000085B000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://steamcommunity.com/e | ZxSWvC0Tz7.exe, 00000001.00000002.1454551074.00000000007FC000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298440335.00000000007FC000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://store.steampowered.com/privacy_agreement/ | ZxSWvC0Tz7.exe, 00000001.00000003.1298440335.000000000082E000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298414206.000000000088C000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000881000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000887000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298851937.0000000000835000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000002.1454764694.0000000000895000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://store.steampowered.com/points/shop/ | ZxSWvC0Tz7.exe, 00000001.00000003.1298414206.000000000088C000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000887000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://steamcommunity.com/b | ZxSWvC0Tz7.exe, 00000001.00000002.1454551074.00000000007FC000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298440335.00000000007FC000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://community.fastly.steamstatic.com/public/javascript/modalv2.js?v=zBXEuexVQ0FZ&l=english&a | ZxSWvC0Tz7.exe, 00000001.00000003.1298414206.000000000088C000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000881000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000887000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://sketchfab.com | ZxSWvC0Tz7.exe, 00000001.00000002.1454551074.000000000083B000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://lv.queniujq.cn | ZxSWvC0Tz7.exe, 00000001.00000002.1454551074.000000000083B000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://steamcommunity.com/profiles/76561199724331900/inventory/ | ZxSWvC0Tz7.exe, 00000001.00000003.1298440335.000000000082E000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298414206.000000000088C000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000881000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000887000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298851937.0000000000835000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://www.youtube.com/ | ZxSWvC0Tz7.exe, 00000001.00000002.1454551074.000000000083B000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://store.steampowered.com/privacy_agreement/ | ZxSWvC0Tz7.exe, 00000001.00000003.1298414206.000000000088C000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000887000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://community.fastly.steamstatic.com/public/css/skin_1/modalContent.css?v=WXAusLHclDIt&l=eng | ZxSWvC0Tz7.exe, 00000001.00000003.1298414206.000000000088C000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000881000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000887000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://lev-tolstoi.com/api | ZxSWvC0Tz7.exe, 00000001.00000002.1454551074.000000000085B000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298851937.000000000085B000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://community.fastly.steamstatic.com/public/javascript/global.js?v=jWc2JLWHx5Kn&l=english&am | ZxSWvC0Tz7.exe, 00000001.00000003.1298414206.000000000088C000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000881000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000887000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://www.google.com/recaptcha/ | ZxSWvC0Tz7.exe, 00000001.00000002.1454551074.000000000083B000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://checkout.steampowered.com/ | ZxSWvC0Tz7.exe, 00000001.00000002.1454551074.000000000083B000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://appliacnesot.buzz/api | ZxSWvC0Tz7.exe, 00000001.00000002.1454551074.00000000007FC000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298440335.00000000007FC000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: malware | unknown
https://store.steampowered.com/; | ZxSWvC0Tz7.exe, 00000001.00000003.1298851937.000000000083B000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000002.1454551074.000000000085B000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298851937.000000000085B000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000002.1454551074.000000000083B000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://store.steampowered.com/about/ | ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000887000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://steamcommunity.com/my/wishlist/ | ZxSWvC0Tz7.exe, 00000001.00000003.1298414206.000000000088C000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000887000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://community.fastly.steamstatic.com/public/shared/css/shared_responsive.css?v=JL1e4uQSrVGe& | ZxSWvC0Tz7.exe, 00000001.00000003.1298414206.000000000088C000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000881000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000887000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://help.steampowered.com/en/ | ZxSWvC0Tz7.exe, 00000001.00000003.1298414206.000000000088C000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000887000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://steamcommunity.com/market/ | ZxSWvC0Tz7.exe, 00000001.00000003.1298414206.000000000088C000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000887000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://store.steampowered.com/news/ | ZxSWvC0Tz7.exe, 00000001.00000003.1298414206.000000000088C000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000887000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://store.steampowered.com/subscriber_agreement/ | ZxSWvC0Tz7.exe, 00000001.00000003.1298440335.000000000082E000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298414206.000000000088C000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000881000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000887000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298851937.0000000000835000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000002.1454764694.0000000000895000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org | ZxSWvC0Tz7.exe, 00000001.00000003.1298440335.000000000082E000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298414206.000000000088C000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000881000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000887000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298851937.0000000000835000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000002.1454764694.0000000000895000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://cashfuzysao.buzz/api | ZxSWvC0Tz7.exe, 00000001.00000002.1454551074.00000000007FC000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298440335.00000000007FC000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: malware | unknown
https://recaptcha.net/recaptcha/; | ZxSWvC0Tz7.exe, 00000001.00000002.1454551074.000000000083B000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://steamcommunity.com/discussions/ | ZxSWvC0Tz7.exe, 00000001.00000003.1298414206.000000000088C000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000887000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://hummskitnj.buzz/api | ZxSWvC0Tz7.exe, 00000001.00000002.1454551074.00000000007FC000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298440335.00000000007FC000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: malware | unknown
https://store.steampowered.com/stats/ | ZxSWvC0Tz7.exe, 00000001.00000003.1298414206.000000000088C000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000887000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://community.fastly.steamstatic.com/public/shared/javascript/shared_global.js?v=Gr6TbGRvDtNE&am | ZxSWvC0Tz7.exe, 00000001.00000003.1298414206.000000000088C000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000881000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000887000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://medal.tv | ZxSWvC0Tz7.exe, 00000001.00000002.1454551074.000000000083B000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://broadcast.st.dl.eccdnx.com | ZxSWvC0Tz7.exe, 00000001.00000002.1454551074.000000000083B000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://community.fastly.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png | ZxSWvC0Tz7.exe, 00000001.00000003.1298414206.000000000088C000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000887000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://community.fastly.steamstatic.com/public/css/skin_1/header.css?v=EM4kCu67DNda&l=english&a | ZxSWvC0Tz7.exe, 00000001.00000003.1298414206.000000000088C000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000881000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000887000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://store.steampowered.com/steam_refunds/ | ZxSWvC0Tz7.exe, 00000001.00000003.1298414206.000000000088C000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000887000.00000004.00000020.00020000.00000000.sdmp | false | |
                                                                                                                                                                          high
                                                                                                                                                                          https://community.fastly.steamstatic.com/public/css/applications/community/main.css?v=Lj6X7NKUMfzk&aZxSWvC0Tz7.exe, 00000001.00000003.1298440335.000000000082E000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298414206.000000000088C000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000881000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000887000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298851937.0000000000835000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000887000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              https://community.fastly.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016ZxSWvC0Tz7.exe, 00000001.00000003.1298414206.000000000088C000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000887000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                high
                                                                                                                                                                                https://community.fastly.steamstatic.com/public/javascript/reportedcontent.js?v=-lZqrarogJr8&l=eZxSWvC0Tz7.exe, 00000001.00000003.1298414206.000000000088C000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000881000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000887000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  https://steamcommunity.com/workshop/ZxSWvC0Tz7.exe, 00000001.00000003.1298414206.000000000088C000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000887000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    https://login.steampowered.com/ZxSWvC0Tz7.exe, 00000001.00000002.1454551074.000000000083B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C185ce35c568ebbbZxSWvC0Tz7.exe, 00000001.00000003.1298851937.000000000083B000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000002.1454551074.000000000083B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        https://community.fastly.steamstatic.com/public/css/globalv2.css?v=hzEgqbtRcI5V&l=english&_cZxSWvC0Tz7.exe, 00000001.00000003.1298414206.000000000088C000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000881000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000887000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          https://store.steampowered.com/legal/ZxSWvC0Tz7.exe, 00000001.00000003.1298440335.000000000082E000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298414206.000000000088C000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000881000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000887000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298851937.0000000000835000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000002.1454764694.0000000000895000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                            high
                                                                                                                                                                                            https://steamcommunity.com/:ZxSWvC0Tz7.exe, 00000001.00000002.1454551074.00000000007FC000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298440335.00000000007FC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                              high
                                                                                                                                                                                              https://community.fastly.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&l=enZxSWvC0Tz7.exe, 00000001.00000003.1298414206.000000000088C000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000881000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000887000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                high
                                                                                                                                                                                                https://community.fastly.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&l=engZxSWvC0Tz7.exe, 00000001.00000003.1298414206.000000000088C000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000881000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000887000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  high
                                                                                                                                                                                                  https://lev-tolstoi.com/ote.coZxSWvC0Tz7.exe, 00000001.00000002.1454551074.000000000085B000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298851937.000000000085B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  • Avira URL Cloud: malware
                                                                                                                                                                                                  unknown
                                                                                                                                                                                                  https://community.fastly.steamstatic.com/public/javascript/profile.js?v=GeQ6v03mWpAc&l=english&aZxSWvC0Tz7.exe, 00000001.00000003.1298414206.000000000088C000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000881000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000887000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    high
                                                                                                                                                                                                    https://community.fastly.steamstatic.com/public/javascript/modalContent.js?v=uqf5ttWTRe7l&l=englZxSWvC0Tz7.exe, 00000001.00000003.1298414206.000000000088C000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000881000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000887000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      high
                                                                                                                                                                                                      https://recaptcha.netZxSWvC0Tz7.exe, 00000001.00000002.1454551074.000000000083B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                        high
                                                                                                                                                                                                        http://upx.sf.netAmcache.hve.9.drfalse
                                                                                                                                                                                                          high
                                                                                                                                                                                                          https://store.steampowered.com/ZxSWvC0Tz7.exe, 00000001.00000002.1454551074.000000000083B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            high
                                                                                                                                                                                                            https://community.fastly.steamstatic.com/public/javascript/webui/clientcom.js?v=oOCAGrkRfpQ6&l=eZxSWvC0Tz7.exe, 00000001.00000003.1298414206.000000000088C000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000881000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000887000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                              high
                                                                                                                                                                                                              https://community.fastly.steamstatic.com/public/shared/images/responsive/header_logo.pngZxSWvC0Tz7.exe, 00000001.00000003.1298414206.000000000088C000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000887000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                high
                                                                                                                                                                                                                http://127.0.0.1:27060ZxSWvC0Tz7.exe, 00000001.00000002.1454551074.000000000083B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                  high
                                                                                                                                                                                                                  https://avatars.fastly.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpgZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000887000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298851937.0000000000835000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                    high
                                                                                                                                                                                                                    https://community.fastly.steamstatic.com/public/images/skin_1/arrowDn9x5.gifZxSWvC0Tz7.exe, 00000001.00000003.1298440335.000000000082E000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298414206.000000000088C000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000881000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000887000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298851937.0000000000835000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                      high
                                                                                                                                                                                                                      https://lev-tolstoi.com/apijZxSWvC0Tz7.exe, 00000001.00000002.1454551074.00000000007FC000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298440335.00000000007FC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                      • Avira URL Cloud: malware
                                                                                                                                                                                                                      unknown
                                                                                                                                                                                                                      https://community.fastly.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=tvQZxSWvC0Tz7.exe, 00000001.00000003.1298414206.000000000088C000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000881000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000887000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                        high
                                                                                                                                                                                                                        https://community.fastly.steamstatic.com/public/shared/javascript/auth_refresh.js?v=w6QbwI-5-j2S&ampZxSWvC0Tz7.exe, 00000001.00000003.1298414206.000000000088C000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000887000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                          high
                                                                                                                                                                                                                          https://help.steampowered.com/ZxSWvC0Tz7.exe, 00000001.00000002.1454551074.000000000083B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                            high
                                                                                                                                                                                                                            https://api.steampowered.com/ZxSWvC0Tz7.exe, 00000001.00000002.1454551074.000000000083B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                              high
                                                                                                                                                                                                                              http://store.steampowered.com/account/cookiepreferences/ZxSWvC0Tz7.exe, 00000001.00000003.1298440335.000000000082E000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298414206.000000000088C000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000881000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000887000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000002.1454764694.0000000000895000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                high
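The URL rows above are raw memory strings, most of them Steam CDN noise pulled in when the sample loaded a Steam page; the analyst's job is to separate the two Avira-flagged lev-tolstoi.com URLs and the one specific Steam profile URL from that noise. The script below is an added example, not part of the Joe Sandbox report or its tooling: it parses rows in the flattened form this page shows, splits the fused URL/Source/Malicious fields, attaches the AV verdict and reputation lines, and sorts each URL into a bucket. The sample input is a constructed subset of this report's own rows; SOURCE_NAMES, ALLOWLIST and KEEP_FOR_REVIEW are analyst assumptions for this sample, not verdicts the report makes.

```python
"""Parse Joe Sandbox 'URLs found in memory' rows and sort them into IOC buckets.

Added example, not part of the Joe Sandbox report: the report only lists the
strings; turning them into a reviewable IOC list is the analyst's job.
"""
import re
from urllib.parse import urlsplit

# Constructed input: a subset of rows copied from this report in the flattened
# form the page shows (URL, source dump(s) and the Malicious flag run together,
# then an optional '• vendor: verdict' line, then the reputation line).
SAMPLE_ROWS = """\
https://medal.tvZxSWvC0Tz7.exe, 00000001.00000002.1454551074.000000000083B000.00000004.00000020.00020000.00000000.sdmpfalse
high
https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900ZxSWvC0Tz7.exe, 00000001.00000003.1298251105.0000000000887000.00000004.00000020.00020000.00000000.sdmpfalse
high
https://lev-tolstoi.com/ote.coZxSWvC0Tz7.exe, 00000001.00000002.1454551074.000000000085B000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298851937.000000000085B000.00000004.00000020.00020000.00000000.sdmpfalse
• Avira URL Cloud: malware
unknown
http://upx.sf.netAmcache.hve.9.drfalse
high
https://lev-tolstoi.com/apijZxSWvC0Tz7.exe, 00000001.00000002.1454551074.00000000007FC000.00000004.00000020.00020000.00000000.sdmp, ZxSWvC0Tz7.exe, 00000001.00000003.1298440335.00000000007FC000.00000004.00000020.00020000.00000000.sdmpfalse
• Avira URL Cloud: malware
unknown
"""

# Names that open the Source column in this report: the sample and the one
# dropped file it references. Assumption: another report needs its own list.
SOURCE_NAMES = ("ZxSWvC0Tz7.exe", "Amcache.hve.9.dr")

# Analyst allowlist (assumption, not a verdict the report makes): hosts that a
# stealer visiting a Steam page drags into memory, plus the UPX packer string.
ALLOWLIST = ("steampowered.com", "steamstatic.com", "steamcommunity.com",
             "medal.tv", "upx.sf.net")

# Substrings that keep an otherwise allowlisted URL on the review list. A
# specific Steam profile inside a stealer is worth a human look; the report
# itself says nothing about why the sample carries it (assumption).
KEEP_FOR_REVIEW = ("/profiles/", "profiles%2F")

_FLAG_RE = re.compile(r"(true|false)$")
_DUMP_RE = re.compile(r"\d{8}\.\d{8}\.\d+\.[0-9A-F]{16}(?:\.\d{8})+\.sdmp")


def _split_row(line):
    """Split a fused 'URL + sources + flag' line; None if it is not such a line."""
    starts = [line.find(n) for n in SOURCE_NAMES if n in line]
    if not starts:
        return None
    cut = min(starts)
    url, rest = line[:cut], line[cut:]
    flag = _FLAG_RE.search(rest)
    if not flag:
        return None
    source = rest[: flag.start()]
    return url, source, flag.group(1) == "true"


def parse_rows(text):
    """Return one dict per URL row: url, source, dumps, malicious, av, reputation."""
    rows, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        parts = _split_row(line)
        if parts is not None:
            url, source, malicious = parts
            current = {"url": url, "source": source,
                       "dumps": len(_DUMP_RE.findall(source)),
                       "malicious": malicious, "av": [], "reputation": None}
            rows.append(current)
        elif current is not None and line.startswith("•"):
            # AV verdict bullet belonging to the row opened above.
            current["av"].append(line.lstrip("• ").strip())
        elif current is not None:
            # Any other line is the reputation value that closes the row.
            current["reputation"] = line
    return rows


def host_of(url):
    """Hostname of a URL, lower-cased; '' when the string does not parse."""
    try:
        return (urlsplit(url).hostname or "").lower()
    except ValueError:
        return ""


def bucket(row):
    """'flagged' on an AV malware verdict, 'noise' for allowlisted hosts, else 'review'."""
    if any("malware" in verdict.lower() for verdict in row["av"]):
        return "flagged"
    if any(marker in row["url"] for marker in KEEP_FOR_REVIEW):
        return "review"
    host = host_of(row["url"])
    if any(host == d or host.endswith("." + d) for d in ALLOWLIST):
        return "noise"
    return "review"


def triage(text):
    """Map bucket name -> list of URLs, in report order."""
    out = {"flagged": [], "noise": [], "review": []}
    for row in parse_rows(text):
        out[bucket(row)].append(row["url"])
    return out


if __name__ == "__main__":
    for name, urls in triage(SAMPLE_ROWS).items():
        print(f"{name}: {urls}")
```

The flag at the end of each row is Joe Sandbox's own Malicious column, which is false for every URL here even for the two that Avira classifies as malware, so the bucket logic keys on the AV verdict rather than on that flag. Run against the full table above, the allowlist collapses the Steam CDN rows and leaves only lev-tolstoi.com and the profile URL for follow-up.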
IP | Domain | Country | ASN | ASN Name | Malicious
104.102.49.254 | steamcommunity.com | United States | 16625 | AKAMAI-AS US | false
Joe Sandbox version:41.0.0 Charoite
Analysis ID:1584189
Start date and time:2025-01-04 15:33:08 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 4m 59s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed:15
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:ZxSWvC0Tz7.exe
renamed because original name is a hash value
Original Sample Name:430ebbca8a18195c4ceb1c0a11d6e389.exe
Detection:MAL
Classification:mal100.troj.evad.winEXE@2/5@10/1
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 98%
• Number of executed functions: 15
• Number of non-executed functions: 234
Cookbook Comments:
                                                                                                                                                                                                                                • Found application associated with file extension: .exe
                                                                                                                                                                                                                                • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                                                                                                                                                                                                                                • Excluded IPs from analysis (whitelisted): 13.89.179.12, 20.189.173.21, 13.107.246.45, 40.126.31.71, 172.202.163.200
                                                                                                                                                                                                                                • Excluded domains from analysis (whitelisted): otelrules.azureedge.net, login.live.com, slscr.update.microsoft.com, blobcollector.events.data.trafficmanager.net, onedsblobprdwus16.westus.cloudapp.azure.com, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, onedsblobprdcus17.centralus.cloudapp.azure.com, fe3cr.delivery.mp.microsoft.com
                                                                                                                                                                                                                                • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                                                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                                                • Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description
09:34:03 | API Interceptor | 3x Sleep call for process: ZxSWvC0Tz7.exe modified
09:34:20 | API Interceptor | 1x Sleep call for process: WerFault.exe modified
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
104.102.49.254 | r4xiHKy8aM.exe | Get hash | malicious | Socks5Systemz | Browse
• /ISteamUser/GetFriendList/v1/?key=AE2AE4DBF33A541E83BC08989DB1F397&steamid=76561198400860497
 | http://gtm-cn-j4g3qqvf603.steamproxy1.com/ | Get hash | malicious | Unknown | Browse
• www.valvesoftware.com/legal.htm
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
steamcommunity.com | file.exe | Get hash | malicious | LummaC | Browse
• 104.102.49.254
 | file.exe | Get hash | malicious | LummaC | Browse
• 104.102.49.254
 | 176.113.115.170.ps1 | Get hash | malicious | LummaC | Browse
• 104.102.49.254
 | KRNL.exe | Get hash | malicious | LummaC | Browse
• 104.102.49.254
 | Gz1bBIg2Tw.exe | Get hash | malicious | LummaC | Browse
• 104.102.49.254
 | OXoeX1Ii3x.exe | Get hash | malicious | Unknown | Browse
• 104.102.49.254
 | OXoeX1Ii3x.exe | Get hash | malicious | Unknown | Browse
• 104.102.49.254
 | Exlan_setup_v3.1.2.exe | Get hash | malicious | LummaC | Browse
• 104.102.49.254
 | Bootstrapper.exe | Get hash | malicious | LummaC | Browse
• 104.102.49.254
 | GPU-Z.exe | Get hash | malicious | LummaC, DarkTortilla, LummaC Stealer | Browse
• 104.102.49.254
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
AKAMAI-ASUS | Fantazy.i686.elf | Get hash | malicious | Unknown | Browse
• 184.84.152.19
 | Fantazy.mips.elf | Get hash | malicious | Unknown | Browse
• 104.93.240.25
 | Fantazy.ppc.elf | Get hash | malicious | Unknown | Browse
• 23.75.89.252
 | random.exe | Get hash | malicious | Unknown | Browse
• 23.57.90.146
 | random.exe | Get hash | malicious | Unknown | Browse
• 23.200.88.41
 | armv5l.elf | Get hash | malicious | Mirai | Browse
• 23.62.43.35
 | armv7l.elf | Get hash | malicious | Mirai | Browse
• 184.29.93.248
 | 1.elf | Get hash | malicious | Unknown | Browse
• 104.113.184.13
 | 3.elf | Get hash | malicious | Unknown | Browse
• 104.73.151.50
 | 4.elf | Get hash | malicious | Unknown | Browse
• 96.26.27.89
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
a0e9f5d64349fb13191bc781f81f42e1 | SOElePqvtf.exe | Get hash | malicious | LummaC | Browse
• 104.102.49.254
 | m4lz5aeAiN.exe | Get hash | malicious | LummaC | Browse
• 104.102.49.254
 | ehD7zv3l4U.exe | Get hash | malicious | LummaC | Browse
• 104.102.49.254
 | rdFy6abQ61.exe | Get hash | malicious | LummaC | Browse
• 104.102.49.254
 | 9cOUjp7ybm.exe | Get hash | malicious | LummaC | Browse
• 104.102.49.254
 | random.exe | Get hash | malicious | Unknown | Browse
• 104.102.49.254
 | random.exe | Get hash | malicious | Unknown | Browse
• 104.102.49.254
 | download.bin.exe | Get hash | malicious | LummaC | Browse
• 104.102.49.254
 | hthjjadrthad.exe | Get hash | malicious | LummaC | Browse
• 104.102.49.254
No context
Process: C:\Windows\SysWOW64\WerFault.exe
File Type: Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category: dropped
Size (bytes): 65536
Entropy (8bit): 0.957563265408131
Encrypted: false
SSDEEP: 192:yLfeDtJnlHevL0p0ckJnRRjvERzuiFcQZ24IO8p0n2:3ntplkJHjQzuiFcQY4IO84
MD5: C2C9D9166E29682617CE89B0F9413992
SHA1: 333DCBB8CEBB73DA70CBF577FDF535169737873F
SHA-256: 5FB9DFC420A325CC67DB45FCD1FF7F3214BFB595B14B0C3923B68C2CD952E2E3
SHA-512: E63EB9F83940F6737EE2DA502B10A4148C920ED2EA74658B9FA4F1CEACBB3F1E834EB92913CBAF802DA1FF406942946504D7DBDA45C68EAA72445DED180F4539
Malicious: true
Reputation: low
                                                                                                                                                                                                                                Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.8.0.4.7.4.8.4.5.7.0.2.8.1.0.2.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.8.0.4.7.4.8.4.6.2.3.4.0.6.5.5.....R.e.p.o.r.t.S.t.a.t.u.s.=.6.5.5.4.5.6.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.e.1.8.c.8.7.0.2.-.8.2.5.f.-.4.d.d.0.-.b.2.7.f.-.6.e.7.c.5.5.9.5.f.1.e.d.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.0.5.1.8.2.1.7.c.-.7.e.d.2.-.4.4.b.b.-.9.0.0.4.-.f.b.0.4.a.4.0.1.8.7.d.0.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.Z.x.S.W.v.C.0.T.z.7...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.9.f.0.-.0.0.0.1.-.0.0.1.3.-.8.8.e.0.-.2.0.b.3.b.5.5.e.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.c.9.a.7.e.0.0.3.4.2.6.5.b.4.e.7.9.c.c.f.a.f.9.a.3.7.2.2.b.b.b.7.0.0.0.0.f.f.f.f.!.0.0.0.0.2.8.3.e.3.6.f.5.2.d.e.9.c.a.0.e.8.6.b.e.e.a.d.7.7.9.9.1.c.7.e.b.6.5.0.3.9.2.9.6.!.Z.x.S.W.v.C.0.T.z.7...e.x.e.....T.a.r.g.e.t.A.p.p.
Process: C:\Windows\SysWOW64\WerFault.exe
File Type: Mini DuMP crash report, 15 streams, Sat Jan 4 14:34:05 2025, 0x1205a4 type
Category: dropped
Size (bytes): 49180
Entropy (8bit): 2.670181129440248
Encrypted: false
SSDEEP: 192:sslXEKSIX8W7Ox1BKdqcOdPfv2vTgSZeBJQhKwZplPAYvGShGTpgQvGwYzRXiVXt:SKSIszTBrc8XCgSZiAplP7FGdpY9yZt
MD5: E11753ECE117205E411C7677EB475AF0
SHA1: C9387FEC340E3E50F1E9F971FD66EC15EE821762
SHA-256: EDA9686961CA3EF0E345203BCBF4EEB586144202B74724D5CF78EBDBBF8F2668
SHA-512: CB939491051001D1D150CA1C5EC655645F0A8A9D08F2EC62A1FD6E352C0911A922E447B718606C6790C9D8516FDD55CAFC92AE98A2F03BE99017D203D3259DDF
Malicious: false
Reputation: low
                                                                                                                                                                                                                                Preview:MDMP..a..... ........Fyg............4...............H...........<...........(...........`.......8...........T........... @.............. ............ ..............................................................................eJ....... ......GenuineIntel............T............Fyg.............................0..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.......................................................................................................................................................................................................................................................................................................................................................................................................................................
Process:C:\Windows\SysWOW64\WerFault.exe
File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:dropped
Size (bytes):8308
Entropy (8bit):3.701627783732483
Encrypted:false
SSDEEP:192:R6l7wVeJCEy6Ii6YeWSU99gmf7JQNZycPpD989bGwsfWCm:R6lXJ66N6YvSU99gmfCPgGDfa
MD5:9184A91B807115F25FBDB90CEA9C77EB
SHA1:29F847112A272FAB357D2B114E0BE17F85AB5F8F
SHA-256:C4F5CFEE2843F518B32EF9F81E69609E878AB345389B6ACE959F6F9A02B80404
SHA-512:3B7EE50613E944FF369BC915A9C68C226C4BDF44657C377418AAEE649C49C5D589B3DAC860A1E6C50DFE88DEFD95C405723672A5D0A2E1E4BD57A6FABFCCE4F1
Malicious:false
Reputation:low
Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.6.6.4.0.<./.P.i.
Process:C:\Windows\SysWOW64\WerFault.exe
File Type:XML 1.0 document, ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):4579
Entropy (8bit):4.474267029309299
Encrypted:false
SSDEEP:48:cvIwWl8zsmJg77aI9m/DWpW8VYkYm8M4JIX69XavFK+q8rEv2CBGV/aQUzwUkd:uIjf8I7Wy7VMJfdGVifz/kd
MD5:5D9EF606CEA52866879F403165B1D6AA
SHA1:6469000ACBA6CB4C037329385C388B4A346E2E28
SHA-256:35566F37B5BC2ACB470FB34FC47DE38A6033701A0118850A975C30CA414AA5D9
SHA-512:56BDBF67D29EAEF9471BCFF7398CFDFC3697D272C691EE8155A29DDA1D31345790604C71B95908888A20FE0D1D4C409BA054FDFEE7D871B175C10C4845D2E75D
Malicious:false
Reputation:low
Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="661296" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
Process:C:\Windows\SysWOW64\WerFault.exe
File Type:MS Windows registry file, NT/2000 or above
Category:dropped
Size (bytes):1835008
Entropy (8bit):4.298811975044338
Encrypted:false
SSDEEP:6144:1ECqOEmWfd+WQFvy/9026ZTyaRsCDusBqD5dooi8l4SD6VJSR0B:SCQL6seqD5SBSWVARm
MD5:B43CA32656CBE54C4E07BB719514384D
SHA1:6CD6A616CF4831AB3220D952561368F56CA5AA68
SHA-256:9AD8B875445B17F81B584282287E1EC9E4734DD269A3749B6C6203A95627B953
SHA-512:69ADDF62E20BA7A41E7A2E34E7548CD34D2FD4EC4DC9F83722158C41A51DE8F812735EF518BD370B8FBC6EB672370D50C22D76A16DEB4FEE9FFCB66B129240BA
Malicious:false
Reputation:low
Preview:regfD...D....\.Z.................... ....`......\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm....^.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
File type:PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):7.366344793175919
TrID:
• Win32 Executable (generic) a (10002005/4) 99.96%
• Generic Win/DOS Executable (2004/3) 0.02%
• DOS Executable Generic (2002/1) 0.02%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:ZxSWvC0Tz7.exe
File size:304'640 bytes
MD5:430ebbca8a18195c4ceb1c0a11d6e389
SHA1:283e36f52de9ca0e86beead77991c7eb65039296
SHA256:c844db45ed1c2297b300b197e9e3360f850ad73663332cac4fc2333ce6a72175
SHA512:52554ba534d59a50a07ff6fb024821ce28f8cf31f94c0440016ce39f6a5c1767b30a7800b9f8a7a2058af0064b06cf375bc9288e0acfc3b7a76220854c2cfccc
SSDEEP:6144:IPLq2CdYYwakuBM+a4EEMXj5UXt9AskZ:8ODrWcM+FMX9UX
TLSH:7A54F1217AF0C472C45787755821CAB46FBE3C2166A585BB3318737E1E302E1667A3BE
File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......#.!.g.OCg.OCg.OC...Cf.OCy..CB.OCy..C}.OCy..C..OC@M4C`.OCg.NC..OCy..Cf.OCy..Cf.OCy..Cf.OCRichg.OC........PE..L......d...........
Icon Hash:715145154142405b
Entrypoint:0x40440a
Entrypoint Section:.text
Digitally signed:false
Imagebase:0x400000
Subsystem:windows gui
Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:0x64D7861F [Sat Aug 12 13:16:15 2023 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:5
OS Version Minor:0
File Version Major:5
File Version Minor:0
Subsystem Version Major:5
Subsystem Version Minor:0
Import Hash:44461efbee82bd87515a33a28264762b
Instruction
call 00007F9DD88B281Dh
jmp 00007F9DD88AF88Eh
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
mov edx, dword ptr [esp+0Ch]
mov ecx, dword ptr [esp+04h]
test edx, edx
je 00007F9DD88AFA7Bh
xor eax, eax
mov al, byte ptr [esp+08h]
test al, al
jne 00007F9DD88AFA28h
cmp edx, 00000100h
jc 00007F9DD88AFA20h
cmp dword ptr [00448B84h], 00000000h
je 00007F9DD88AFA17h
jmp 00007F9DD88B28CDh
push edi
mov edi, ecx
cmp edx, 04h
jc 00007F9DD88AFA43h
neg ecx
and ecx, 03h
je 00007F9DD88AFA1Eh
sub edx, ecx
mov byte ptr [edi], al
add edi, 01h
sub ecx, 01h
jne 00007F9DD88AFA08h
mov ecx, eax
shl eax, 08h
add eax, ecx
mov ecx, eax
shl eax, 10h
add eax, ecx
                                                                                                                                                                                                                                mov ecx, edx
                                                                                                                                                                                                                                and edx, 03h
                                                                                                                                                                                                                                shr ecx, 02h
                                                                                                                                                                                                                                je 00007F9DD88AFA18h
                                                                                                                                                                                                                                rep stosd
                                                                                                                                                                                                                                test edx, edx
                                                                                                                                                                                                                                je 00007F9DD88AFA1Ch
                                                                                                                                                                                                                                mov byte ptr [edi], al
                                                                                                                                                                                                                                add edi, 01h
                                                                                                                                                                                                                                sub edx, 01h
                                                                                                                                                                                                                                jne 00007F9DD88AFA08h
                                                                                                                                                                                                                                mov eax, dword ptr [esp+08h]
                                                                                                                                                                                                                                pop edi
                                                                                                                                                                                                                                ret
                                                                                                                                                                                                                                mov eax, dword ptr [esp+04h]
                                                                                                                                                                                                                                ret
                                                                                                                                                                                                                                mov edi, edi
                                                                                                                                                                                                                                push ebp
                                                                                                                                                                                                                                mov ebp, esp
                                                                                                                                                                                                                                mov eax, dword ptr [ebp+08h]
                                                                                                                                                                                                                                mov dword ptr [00443F00h], eax
                                                                                                                                                                                                                                mov dword ptr [00443F04h], eax
                                                                                                                                                                                                                                mov dword ptr [00443F08h], eax
                                                                                                                                                                                                                                mov dword ptr [00443F0Ch], eax
                                                                                                                                                                                                                                pop ebp
                                                                                                                                                                                                                                ret
                                                                                                                                                                                                                                mov edi, edi
                                                                                                                                                                                                                                push ebp
                                                                                                                                                                                                                                mov ebp, esp
                                                                                                                                                                                                                                mov eax, dword ptr [ebp+08h]
                                                                                                                                                                                                                                mov ecx, dword ptr [0043E6C4h]
                                                                                                                                                                                                                                push esi
                                                                                                                                                                                                                                cmp dword ptr [eax+04h], edx
                                                                                                                                                                                                                                je 00007F9DD88AFA21h
                                                                                                                                                                                                                                mov esi, ecx
                                                                                                                                                                                                                                imul esi, esi, 0Ch
Programming Language:
• [C++] VS2008 build 21022
• [ASM] VS2008 build 21022
• [ C ] VS2008 build 21022
• [IMP] VS2005 build 50727
• [RES] VS2008 build 21022
• [LNK] VS2008 build 21022
Name                                 | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT         | 0x0             | 0x0          |
IMAGE_DIRECTORY_ENTRY_IMPORT         | 0x3d62c         | 0x50         | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE       | 0x49000         | 0x70b0       | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION      | 0x0             | 0x0          |
IMAGE_DIRECTORY_ENTRY_SECURITY       | 0x0             | 0x0          |
IMAGE_DIRECTORY_ENTRY_BASERELOC      | 0x0             | 0x0          |
IMAGE_DIRECTORY_ENTRY_DEBUG          | 0x0             | 0x0          |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT      | 0x0             | 0x0          |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR      | 0x0             | 0x0          |
IMAGE_DIRECTORY_ENTRY_TLS            | 0x0             | 0x0          |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG    | 0x2d78          | 0x40         | .text
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT   | 0x0             | 0x0          |
IMAGE_DIRECTORY_ENTRY_IAT            | 0x1000          | 0x190        | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT   | 0x0             | 0x0          |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0             | 0x0          |
IMAGE_DIRECTORY_ENTRY_RESERVED       | 0x0             | 0x0          |
Name  | Virtual Address | Virtual Size | Raw Size | MD5                              | Xored PE | ZLIB Complexity     | File Type | Entropy            | Characteristics
.text | 0x1000          | 0x3cf50      | 0x3d000  | 11becb7429732e123877381ddea15cf7 | False    | 0.8811395363729508  | data      | 7.823726979549338  | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data | 0x3e000         | 0xaba4       | 0x6000   | ae958c141a578d6b25301c2b11260fbb | False    | 0.08024088541666667 | data      | 0.9415640905291036 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x49000         | 0xc0b0       | 0x7200   | f9217751b3899a63e9506fb1f44af994 | False    | 0.47364994517543857 | data      | 4.7885108004853585 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name            | RVA     | Size   | Type                                                                        | Language | Country | ZLIB Complexity
RT_CURSOR       | 0x4f280 | 0x330  | Device independent bitmap graphic, 48 x 96 x 1, image size 0                |          |         | 0.1948529411764706
RT_CURSOR       | 0x4f5b0 | 0x130  | Device independent bitmap graphic, 32 x 64 x 1, image size 0                |          |         | 0.33223684210526316
RT_ICON         | 0x49390 | 0xea8  | Device independent bitmap graphic, 48 x 96 x 8, image size 0                | Romanian | Romania | 0.43310234541577824
RT_ICON         | 0x4a238 | 0x8a8  | Device independent bitmap graphic, 32 x 64 x 8, image size 0                | Romanian | Romania | 0.5514440433212996
RT_ICON         | 0x4aae0 | 0x6c8  | Device independent bitmap graphic, 24 x 48 x 8, image size 0                | Romanian | Romania | 0.5858294930875576
RT_ICON         | 0x4b1a8 | 0x568  | Device independent bitmap graphic, 16 x 32 x 8, image size 0                | Romanian | Romania | 0.6047687861271677
RT_ICON         | 0x4b710 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0               | Romanian | Romania | 0.44408713692946056
RT_ICON         | 0x4dcb8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0               | Romanian | Romania | 0.4946060037523452
RT_ICON         | 0x4ed60 | 0x468  | Device independent bitmap graphic, 16 x 32 x 32, image size 0               | Romanian | Romania | 0.525709219858156
RT_STRING       | 0x4f930 | 0x3ce  | AmigaOS bitmap font "i", fc_YSize 30720, 19456 elements, 2nd "f", 3rd "v"   | Romanian | Romania | 0.4650924024640657
RT_STRING       | 0x4fd00 | 0x3b0  | data                                                                        | Romanian | Romania | 0.461864406779661
RT_ACCELERATOR  | 0x4f230 | 0x50   | data                                                                        | Romanian | Romania | 0.8125
RT_GROUP_CURSOR | 0x4f6e0 | 0x22   | data                                                                        |          |         | 1.0294117647058822
RT_GROUP_ICON   | 0x4f1c8 | 0x68   | data                                                                        | Romanian | Romania | 0.6826923076923077
RT_VERSION      | 0x4f708 | 0x224  | data                                                                        |          |         | 0.5200729927007299
DLL          | Import
KERNEL32.dll | SetLocaleInfoA, WriteConsoleInputW, InterlockedIncrement, EnumCalendarInfoW, InterlockedDecrement, GetCurrentProcess, InterlockedCompareExchange, WriteConsoleInputA, FreeEnvironmentStringsA, GetWindowsDirectoryA, EnumTimeFormatsW, SwitchToFiber, ReadConsoleInputA, GetVersionExW, GetAtomNameW, FindNextVolumeMountPointW, GetShortPathNameA, LCMapStringA, GetLogicalDriveStringsA, GetLastError, SetLastError, GetProcAddress, VirtualAlloc, EnumSystemCodePagesW, SetComputerNameA, LoadLibraryA, OpenEventA, GetCommMask, FindNextFileA, EnumDateFormatsA, GetModuleHandleA, TerminateJobObject, GetCurrentProcessId, EnumCalendarInfoExA, FindNextVolumeA, CreateFileA, WriteConsoleW, GetConsoleOutputCP, WriteConsoleA, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetModuleHandleW, Sleep, ExitProcess, GetStartupInfoW, WriteFile, GetStdHandle, GetModuleFileNameA, TerminateProcess, IsDebuggerPresent, HeapAlloc, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, GetCurrentThreadId, HeapSize, HeapFree, SetHandleCount, GetFileType, GetStartupInfoA, DeleteCriticalSection, SetFilePointer, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSectionAndSpinCount, GetModuleFileNameW, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineW, HeapCreate, VirtualFree, QueryPerformanceCounter, GetTickCount, GetSystemTimeAsFileTime, HeapReAlloc, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, RtlUnwind, RaiseException, SetStdHandle, GetLocaleInfoA, WideCharToMultiByte, MultiByteToWideChar, LCMapStringW, GetStringTypeA, GetStringTypeW, GetConsoleCP, GetConsoleMode, FlushFileBuffers, CloseHandle
USER32.dll   | OemToCharA, DdeQueryStringA, GetWindowTextLengthA
SHELL32.dll  | DragQueryPoint
Language of compilation system | Country where language is spoken | Map
Romanian                       | Romania                          |
Timestamp                        | SID     | Signature                                                                            | Severity | Source IP    | Source Port | Dest IP        | Dest Port | Protocol
2025-01-04T15:34:04.666900+0100  | 2058576 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (cashfuzysao .buzz)  | 1        | 192.168.2.11 | 53000       | 1.1.1.1        | 53        | UDP
2025-01-04T15:34:04.682362+0100  | 2058584 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (prisonyfork .buzz)  | 1        | 192.168.2.11 | 64697       | 1.1.1.1        | 53        | UDP
2025-01-04T15:34:04.695798+0100  | 2058586 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (rebuildeso .buzz)   | 1        | 192.168.2.11 | 53818       | 1.1.1.1        | 53        | UDP
2025-01-04T15:34:04.709173+0100  | 2058588 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (scentniej .buzz)    | 1        | 192.168.2.11 | 59887       | 1.1.1.1        | 53        | UDP
2025-01-04T15:34:04.721041+0100  | 2058580 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (inherineau .buzz)   | 1        | 192.168.2.11 | 54547       | 1.1.1.1        | 53        | UDP
2025-01-04T15:34:04.732854+0100  | 2058590 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (screwamusresz .buzz)| 1        | 192.168.2.11 | 62219       | 1.1.1.1        | 53        | UDP
2025-01-04T15:34:04.742758+0100  | 2058572 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (appliacnesot .buzz) | 1        | 192.168.2.11 | 49390       | 1.1.1.1        | 53        | UDP
2025-01-04T15:34:04.756805+0100  | 2058578 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (hummskitnj .buzz)   | 1        | 192.168.2.11 | 50459       | 1.1.1.1        | 53        | UDP
2025-01-04T15:34:05.431529+0100  | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update                            | 3        | 192.168.2.11 | 49706       | 104.102.49.254 | 443       | TCP
2025-01-04T15:34:06.239300+0100  | 2858666 | ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup                               | 1        | 192.168.2.11 | 49706       | 104.102.49.254 | 443       | TCP
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Jan 4, 2025 15:34:04.666899920 CET | 192.168.2.11 | 1.1.1.1 | 0xc7bf | Standard query (0) | cashfuzysao.buzz | A (IP address) | IN (0x0001) | false
Jan 4, 2025 15:34:04.682362080 CET | 192.168.2.11 | 1.1.1.1 | 0x4db0 | Standard query (0) | prisonyfork.buzz | A (IP address) | IN (0x0001) | false
Jan 4, 2025 15:34:04.695797920 CET | 192.168.2.11 | 1.1.1.1 | 0xab2 | Standard query (0) | rebuildeso.buzz | A (IP address) | IN (0x0001) | false
Jan 4, 2025 15:34:04.709172964 CET | 192.168.2.11 | 1.1.1.1 | 0xc811 | Standard query (0) | scentniej.buzz | A (IP address) | IN (0x0001) | false
Jan 4, 2025 15:34:04.721040964 CET | 192.168.2.11 | 1.1.1.1 | 0x21b9 | Standard query (0) | inherineau.buzz | A (IP address) | IN (0x0001) | false
Jan 4, 2025 15:34:04.732853889 CET | 192.168.2.11 | 1.1.1.1 | 0xa93f | Standard query (0) | screwamusresz.buzz | A (IP address) | IN (0x0001) | false
Jan 4, 2025 15:34:04.742758036 CET | 192.168.2.11 | 1.1.1.1 | 0xf3c7 | Standard query (0) | appliacnesot.buzz | A (IP address) | IN (0x0001) | false
Jan 4, 2025 15:34:04.756804943 CET | 192.168.2.11 | 1.1.1.1 | 0xc1ac | Standard query (0) | hummskitnj.buzz | A (IP address) | IN (0x0001) | false
Jan 4, 2025 15:34:04.773401022 CET | 192.168.2.11 | 1.1.1.1 | 0xed0d | Standard query (0) | steamcommunity.com | A (IP address) | IN (0x0001) | false
Jan 4, 2025 15:34:06.353148937 CET | 192.168.2.11 | 1.1.1.1 | 0xf064 | Standard query (0) | lev-tolstoi.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Jan 4, 2025 15:34:04.675296068 CET | 1.1.1.1 | 192.168.2.11 | 0xc7bf | Name error (3) | cashfuzysao.buzz | none | none | A (IP address) | IN (0x0001) | false
Jan 4, 2025 15:34:04.690932989 CET | 1.1.1.1 | 192.168.2.11 | 0x4db0 | Name error (3) | prisonyfork.buzz | none | none | A (IP address) | IN (0x0001) | false
Jan 4, 2025 15:34:04.704684973 CET | 1.1.1.1 | 192.168.2.11 | 0xab2 | Name error (3) | rebuildeso.buzz | none | none | A (IP address) | IN (0x0001) | false
Jan 4, 2025 15:34:04.718058109 CET | 1.1.1.1 | 192.168.2.11 | 0xc811 | Name error (3) | scentniej.buzz | none | none | A (IP address) | IN (0x0001) | false
Jan 4, 2025 15:34:04.729372978 CET | 1.1.1.1 | 192.168.2.11 | 0x21b9 | Name error (3) | inherineau.buzz | none | none | A (IP address) | IN (0x0001) | false
Jan 4, 2025 15:34:04.741599083 CET | 1.1.1.1 | 192.168.2.11 | 0xa93f | Name error (3) | screwamusresz.buzz | none | none | A (IP address) | IN (0x0001) | false
Jan 4, 2025 15:34:04.751013994 CET | 1.1.1.1 | 192.168.2.11 | 0xf3c7 | Name error (3) | appliacnesot.buzz | none | none | A (IP address) | IN (0x0001) | false
Jan 4, 2025 15:34:04.767721891 CET | 1.1.1.1 | 192.168.2.11 | 0xc1ac | Name error (3) | hummskitnj.buzz | none | none | A (IP address) | IN (0x0001) | false
Jan 4, 2025 15:34:04.780015945 CET | 1.1.1.1 | 192.168.2.11 | 0xed0d | No error (0) | steamcommunity.com | | 104.102.49.254 | A (IP address) | IN (0x0001) | false
Jan 4, 2025 15:34:06.363229990 CET | 1.1.1.1 | 192.168.2.11 | 0xf064 | Name error (3) | lev-tolstoi.com | none | none | A (IP address) | IN (0x0001) | false
• steamcommunity.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.11 | 49706 | 104.102.49.254 | 443 | 6640 | C:\Users\user\Desktop\ZxSWvC0Tz7.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-04 14:34:05 UTC | 219 | OUT | GET /profiles/76561199724331900 HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Host: steamcommunity.com
2025-01-04 14:34:06 UTC | 1905 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED]
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache
Date: Sat, 04 Jan 2025 14:34:06 GMT
Content-Length: 35121
Connection: close
Set-Cookie: sessionid=ac8bafdcc114c79838a6348f; Path=/; Secure; SameSite=None
Set-Cookie: steamCountry=US%7C185ce35c568ebbb18a145d0cabae7186; Path=/; Secure; HttpOnly; SameSite=None
2025-01-04 14:34:06 UTC | 14479 | IN | Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><title>
2025-01-04 14:34:06 UTC | 16384 | IN | Data Ascii: .com/?subsection=broadcasts">Broadcasts</a></div><a class="menuitem " href="https://store.steampowered.com/about/">About</a><a class="menuitem " href="https://help.steampowered.com/en/">SUPPORT
                                                                                                                                                                                                                                2025-01-04 14:34:06 UTC3768INData Raw: 0a 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 72 6f 66 69 6c 65 5f 68 65 61 64 65 72 5f 61 63 74 69 6f 6e 73 22 3e 0a 09 09 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 09 3c 2f 64 69 76 3e 0a 0a 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 72 6f 66 69 6c 65 5f 68 65 61 64 65 72 5f 73 75 6d 6d 61 72 79 22 3e 0a 09 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 65 72 73 6f 6e 61 5f 6e 61 6d 65 20 70 65 72 73 6f 6e 61 5f 6e 61 6d 65 5f 73 70 61 63 65 72 22 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 34 70 78 3b 22 3e 0a 09 09 09 09 09 09 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 61 63 74 75 61 6c 5f 70 65 72 73 6f 6e 61 5f 6e 61 6d 65 22
                                                                                                                                                                                                                                Data Ascii: </div><div class="profile_header_actions"></div></div><div class="profile_header_summary"><div class="persona_name persona_name_spacer" style="font-size: 24px;"><span class="actual_persona_name"
                                                                                                                                                                                                                                2025-01-04 14:34:06 UTC490INData Raw: 72 20 41 67 72 65 65 6d 65 6e 74 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 26 6e 62 73 70 3b 7c 20 26 6e 62 73 70 3b 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 73 74 6f 72 65 2e 73 74 65 61 6d 70 6f 77 65 72 65 64 2e 63 6f 6d 2f 61 63 63 6f 75 6e 74 2f 63 6f 6f 6b 69 65 70 72 65 66 65 72 65 6e 63 65 73 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6f 6f 6b 69 65 73 3c 2f 61 3e 0a 09 09 09 09 09 09 3c 2f 73 70 61 6e 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 73 70 61 6e 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 72 65 73 70 6f 6e 73 69 76 65 5f 6f 70 74 69 6e 5f 6c 69 6e 6b 22 3e 0a 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 62 74
                                                                                                                                                                                                                                Data Ascii: r Agreement</a> &nbsp;| &nbsp;<a href="http://store.steampowered.com/account/cookiepreferences/" target="_blank">Cookies</a></span></span></div><div class="responsive_optin_link"><div class="bt


Target ID: 1
Start time: 09:34:02
Start date: 04/01/2025
Path: C:\Users\user\Desktop\ZxSWvC0Tz7.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\ZxSWvC0Tz7.exe"
Imagebase: 0x400000
File size: 304'640 bytes
MD5 hash: 430EBBCA8A18195C4CEB1C0A11D6E389
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Yara matches:
• Rule: JoeSecurity_LummaCStealer_4, Description: Yara detected LummaC Stealer, Source: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security
• Rule: JoeSecurity_LummaCStealer_4, Description: Yara detected LummaC Stealer, Source: 00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
• Rule: JoeSecurity_LummaCStealer_4, Description: Yara detected LummaC Stealer, Source: 00000001.00000003.1280248883.0000000002160000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000001.00000002.1454359556.0000000000730000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
Reputation: low
Has exited: true

Target ID: 9
Start time: 09:34:05
Start date: 04/01/2025
Path: C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit): true
Commandline: C:\Windows\SysWOW64\WerFault.exe -u -p 6640 -s 972
Imagebase: 0xff0000
File size: 483'680 bytes
MD5 hash: C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: true


Execution Graph

Execution Coverage: 1.6%
Dynamic/Decrypted Code Coverage: 40.8%
Signature Coverage: 49.3%
Total number of Nodes: 71
Total number of Limit Nodes: 3

Control-flow Graph

APIs
• GetCurrentProcessId.KERNEL32 ref: 004087B4
• GetCurrentThreadId.KERNEL32 ref: 004087BE
• SHGetSpecialFolderPathW.SHELL32(00000000,?,00000010,00000000), ref: 0040885B
• GetForegroundWindow.USER32 ref: 00408870
• ExitProcess.KERNEL32 ref: 00408972
Memory Dump Source
• Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.1454134308.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_ZxSWvC0Tz7.jbxd
Yara matches
Similarity
• API ID: CurrentProcess$ExitFolderForegroundPathSpecialThreadWindow
• String ID:
• API String ID: 4063528623-0
• Opcode ID: 7b623bcc5e135466e494fc7f4101763bd35fdd0b5e674fc8217798d0a0a97a45
• Instruction ID: a67ee57a83d6170df5f07577f929ddf8a699819013d33d30bc43b1fbcecb0360
• Opcode Fuzzy Hash: 7b623bcc5e135466e494fc7f4101763bd35fdd0b5e674fc8217798d0a0a97a45
• Instruction Fuzzy Hash: 95417E77F443180BD31CBEB59C9A36AB2969BC4314F0A903F6985AB3D1DD7C5C0552C5

Control-flow Graph

APIs
• CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 007307CE
• Module32First.KERNEL32(00000000,00000224), ref: 007307EE
Memory Dump Source
• Source File: 00000001.00000002.1454359556.0000000000730000.00000040.00001000.00020000.00000000.sdmp, Offset: 00730000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_730000_ZxSWvC0Tz7.jbxd
Yara matches
Similarity
• API ID: CreateFirstModule32SnapshotToolhelp32
• String ID:
• API String ID: 3833638111-0
• Opcode ID: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
• Instruction ID: a40b399005e8dbe993af39f2e7dc4f6b0b39f52d3d8572c2d46178c924cc3233
• Opcode Fuzzy Hash: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
• Instruction Fuzzy Hash: 20F096351017156FFB203BF9989DB6F76E8AF49765F100528E643910C1DB78FC458AA1

Control-flow Graph

                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.1454134308.0000000000452000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_400000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: h d"
                                                                                                                                                                                                                                  • API String ID: 0-862628183
                                                                                                                                                                                                                                  • Opcode ID: 907832ec394077f3cb61ce921fa134c81a3c0afbaec0ddbe82e25e94bded95fe
                                                                                                                                                                                                                                  • Instruction ID: e7b26040d347b48bd15f509a2e92d141a5522c4f34e33ed28b849909e17f734e
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 907832ec394077f3cb61ce921fa134c81a3c0afbaec0ddbe82e25e94bded95fe
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 81B1CF79204700CFD3248F74EC91B67B7F6FB4A301F058A7DE99682AA0D774A859CB18

Control-flow Graph
• 43a9b0-43a9e2: a single basic block with no branches, ending in the LdrInitializeThunk call listed below.
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • LdrInitializeThunk.NTDLL(0043C978,005C003F,0000002C,?,?,00000018,?,00000000,?,?,?,?,00000000,00000000), ref: 0043A9DE
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.1454134308.0000000000452000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_400000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 2994545307-0
                                                                                                                                                                                                                                  • Opcode ID: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
                                                                                                                                                                                                                                  • Instruction ID: 0c3231226d6b2b3a527619dcc08e6164a4fafcc19f94aab6dc14dc2c5ea58878
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A2E0FE75908316AF9A08CF45C14444EFBE5BFC4714F11CC8DA4D863210D3B0AD46DF82
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.1454134308.0000000000452000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_400000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                                                                  • String ID: ihgf
                                                                                                                                                                                                                                  • API String ID: 2994545307-2948842496
                                                                                                                                                                                                                                  • Opcode ID: dc78d9af145ba0afec033d80e05627e4c530122498a0d20b58ff3d4b62c44d01
                                                                                                                                                                                                                                  • Instruction ID: fada9a9e4b2345b6e6448840249a942183f34978708c931c01a97142677ee2ca
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: dc78d9af145ba0afec033d80e05627e4c530122498a0d20b58ff3d4b62c44d01
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4C31F434304300AFE7109B249CC2B7BBBA5EB8EB14F24653DF584A3391D265EC60874A
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.1454134308.0000000000452000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_400000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 4b87544a561184a7d4b1543d2ac67acc99fdb29ef1ee15d58e3a116105f186d8
                                                                                                                                                                                                                                  • Instruction ID: 59f44d745d542156a41113c6a864a29fdb0868418a705d17f35015423a5ff240
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4b87544a561184a7d4b1543d2ac67acc99fdb29ef1ee15d58e3a116105f186d8
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3F418C76A587588FC724AF54ACC477BB3A1EB8A320F2E552DDAE517351E7648C0083CD

Control-flow Graph
• 76003c-76091d (region 760000, not backed by a PE on disk): block 76004c-760263 calls 760a3f, 760e0f and 760d90 and then VirtualAlloc (the stack slot 00760223 recorded in the SetErrorMode calls of 760e0f lies inside this block); 7602ce-7603c2 calls VirtualProtect followed by 760cce and 760ce7; 7603e2-760437 calls 760ce7 in a loop; 760439-7604b8 calls VirtualFree; LoadLibraryA is called at 7604e3-760505 (inside the loop 7604d3..7605ef) and again at 76086e-7608be. With the strings "kernel32.dll" and "cess" listed below, the allocate / write / re-protect / LoadLibraryA sequence is consistent with an in-memory loader that maps a payload and resolves its imports by name; the report itself only records the calls.
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 0076024D
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_760000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: AllocVirtual
                                                                                                                                                                                                                                  • String ID: cess$kernel32.dll
                                                                                                                                                                                                                                  • API String ID: 4275171209-1230238691
                                                                                                                                                                                                                                  • Opcode ID: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
                                                                                                                                                                                                                                  • Instruction ID: e7592e7f84c55ea775e29d54004374ecd9913ce804cec6b547e91cec81f2d018
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3B527974A00229DFDB64CF58C984BA9BBB1BF09304F1480D9E90EAB351DB34AE94DF54

Control-flow Graph
• 43ab0b-43abce: a self-looping block 43ab20-43ab7b precedes the GetForegroundWindow call, after which 43c7d0 is called.
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • GetForegroundWindow.USER32 ref: 0043AB9F
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.1454134308.0000000000452000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_400000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: ForegroundWindow
                                                                                                                                                                                                                                  • String ID: ilmn
                                                                                                                                                                                                                                  • API String ID: 2020703349-1560153188
                                                                                                                                                                                                                                  • Opcode ID: 8bf5be419e97d4aeba59362ee4405b63177e9ea72d340c76fc1dbd34a7535713
                                                                                                                                                                                                                                  • Instruction ID: 381210f78ea322f673374cf03a2ab6eba84d6d5afac1efb59df7821204f613f6
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8bf5be419e97d4aeba59362ee4405b63177e9ea72d340c76fc1dbd34a7535713
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A0115C3BE5A65087D304DB65D806156B293EAC5214F0DD53DC986D770AEF3DDC028286

Control-flow Graph

control_flow_graph 142 760e0f-760e24 SetErrorMode * 2 143 760e26 142->143 144 760e2b-760e2c 142->144 143->144
APIs
• SetErrorMode.KERNELBASE(00000400,?,?,00760223,?,?), ref: 00760E19
• SetErrorMode.KERNELBASE(00000000,?,?,00760223,?,?), ref: 00760E1E
Memory Dump Source
• Source File: 00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_760000_ZxSWvC0Tz7.jbxd
Yara matches
Similarity
• API ID: ErrorMode
• String ID:
• API String ID: 2340568224-0
• Opcode ID: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
• Instruction ID: 39821a217816a7f5344c70d646fc942040b13633ca22255bef99017fbef1404d
• Opcode Fuzzy Hash: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
• Instruction Fuzzy Hash: 89D0123154512877D7003A94DC09BCE7B1CDF05B62F008411FB0DD9080C775994046E5

Control-flow Graph

control_flow_graph 252 43a950-43a961 253 43a976-43a988 call 43bf00 RtlReAllocateHeap 252->253 254 43a995-43a996 call 438e70 252->254 255 43a98a-43a993 call 438e30 252->255 256 43a968-43a96f 252->256 263 43a9a0-43a9a2 253->263 262 43a99b-43a99e 254->262 255->263 256->253 256->254 262->263
APIs
• RtlReAllocateHeap.NTDLL(?,00000000,?,?,?,00000000,0040B65C,00000000,?), ref: 0043A982
Memory Dump Source
• Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.1454134308.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_ZxSWvC0Tz7.jbxd
Yara matches
Similarity
• API ID: AllocateHeap
• String ID:
• API String ID: 1279760036-0
• Opcode ID: 2eba5718b67ec1480271e2bf1c34f5bd19b8968588a838e869f4d5b9ea06510f
• Instruction ID: 722538be6ec62bdfb2320af1aff19aeee9eb7e72755357ed04131fae2c05cc9a
• Opcode Fuzzy Hash: 2eba5718b67ec1480271e2bf1c34f5bd19b8968588a838e869f4d5b9ea06510f
• Instruction Fuzzy Hash: 99E0E576414611FBC6001B24BC06B1B3665AF8A721F02183AF440E6115DA38E811859F

Control-flow Graph

control_flow_graph 264 43ab91-43aba8 GetForegroundWindow call 43c7d0 267 43abad-43abce 264->267
APIs
• GetForegroundWindow.USER32 ref: 0043AB9F
Memory Dump Source
• Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.1454134308.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_ZxSWvC0Tz7.jbxd
Yara matches
Similarity
• API ID: ForegroundWindow
• String ID:
• API String ID: 2020703349-0
• Opcode ID: a0dc0220c6c2ddb49d889c1027b5b2c34b58d9f1c75a0e80b2e5e3c572fe071b
• Instruction ID: 60e8b0f46bfb036eff5fe615915129b1fb2bd173e47bf556a6606a5c449cc706
• Opcode Fuzzy Hash: a0dc0220c6c2ddb49d889c1027b5b2c34b58d9f1c75a0e80b2e5e3c572fe071b
• Instruction Fuzzy Hash: 34E08C7EA406008BDB04DF20EC4A5517766B79A305B084039D903C37A6DB3DD816CA49

Control-flow Graph

control_flow_graph 269 438e70-438e7c 270 438e83-438e8e call 43bf00 RtlFreeHeap 269->270 271 438e94-438e95 269->271 270->271
APIs
• RtlFreeHeap.NTDLL(?,00000000,?,004127C7), ref: 00438E8E
Memory Dump Source
• Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.1454134308.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_ZxSWvC0Tz7.jbxd
Yara matches
Similarity
• API ID: FreeHeap
• String ID:
• API String ID: 3298025750-0
• Opcode ID: 768fcb1c02373f70ae0863a28d25f36a016012181a68bd02bcb189957d430873
• Instruction ID: 85901e1c641484a1e9593b863e702362ecf9fc70d5eef9c3d2e46bbe4163b786
• Opcode Fuzzy Hash: 768fcb1c02373f70ae0863a28d25f36a016012181a68bd02bcb189957d430873
• Instruction Fuzzy Hash: 63D01235405526EBC6101F24FC06B863A54EF49321F030461B540AF076C734DC908AD8
APIs
• RtlAllocateHeap.NTDLL(?,00000000), ref: 00438E55
Memory Dump Source
• Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.1454134308.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_ZxSWvC0Tz7.jbxd
Yara matches
Similarity
• API ID: AllocateHeap
• String ID:
• API String ID: 1279760036-0
• Opcode ID: bde11014aa9fadb2486ac873e4c51e0b14130d9e3c259129d8d0e778167120a1
• Instruction ID: 4c59684187f8c9fc8ebab3782fe1e1f4842940d007367fb0e8ab7bd4dbd8a192
• Opcode Fuzzy Hash: bde11014aa9fadb2486ac873e4c51e0b14130d9e3c259129d8d0e778167120a1
• Instruction Fuzzy Hash: A0C0927C142211FBD2211B21AC5EF6B3E38FB83B63F104124F209580B287649011DA6E
APIs
• RtlAllocateHeap.NTDLL(?,00000000), ref: 00438E55
Memory Dump Source
• Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.1454134308.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_ZxSWvC0Tz7.jbxd
Yara matches
Similarity
• API ID: AllocateHeap
• String ID:
• API String ID: 1279760036-0
• Opcode ID: 1129b59f0d67bf13eed9448a42768f07b4682826011a39e0f4462efca5d079f4
• Instruction ID: 3dd49d49275fbb255d04589a33f94784ad2ffd24471d3276aa8c957077778349
• Opcode Fuzzy Hash: 1129b59f0d67bf13eed9448a42768f07b4682826011a39e0f4462efca5d079f4
• Instruction Fuzzy Hash: 8AA0223C002200EBC2200B20AC0EF2B3E38FB83B23F000030F00C080B283308000CA2E
APIs
• VirtualAlloc.KERNELBASE(00000000,?,00001000,00000040), ref: 007304B6
Memory Dump Source
• Source File: 00000001.00000002.1454359556.0000000000730000.00000040.00001000.00020000.00000000.sdmp, Offset: 00730000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_730000_ZxSWvC0Tz7.jbxd
Yara matches
Similarity
• API ID: AllocVirtual
• String ID:
• API String ID: 4275171209-0
• Opcode ID: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
                                                                                                                                                                                                                                  • Instruction ID: 8f5a0cedb830d2c3e58b9a01f406f4acf92335964189f02f799222feb542e4ed
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 34113C79A40208EFDB01DF98C989E98BBF5AF08750F058094FA489B362D375EA50DF80
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_760000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: $!$"$$$%$%$&$($)$*$+$,$-$.$.$.$0$0$1$2$4$4$4$5$6$8$:$;$;$<$=$>$>$?$?$@$B$C$D$D$F$H$J$L$M$N$N$N$O$P$R$T$U$V$X$Z$Z$Z$[$\$\$]$^$^$`$a$b$c$d$e$e$e$e$f$g$h$i$i$j$k$l$l$m$n$o$p$p$r$s$t$t$t$v$v$x$x$z$|$}$~$~$~
                                                                                                                                                                                                                                  • API String ID: 0-1394229784
                                                                                                                                                                                                                                  • Opcode ID: 0ad0ccab371ecf03d36c413c93bc7494f07a7df5888065dda6a46f4b89f4694b
                                                                                                                                                                                                                                  • Instruction ID: c8f8ca8fb0bc887508ce44dd35a9af19445d2ca9abefccaaf6de982af7198ccc
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0ad0ccab371ecf03d36c413c93bc7494f07a7df5888065dda6a46f4b89f4694b
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8A22582190D7E9CDEB26C638CC487DDBEA15B56314F0841D9C19D6B3C2D7BA0B89CB26
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1454134308.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_400000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: $!$"$$$%$%$&$($)$*$+$,$-$.$.$.$0$0$1$2$4$4$4$5$6$8$:$;$;$<$=$>$>$?$?$@$B$C$D$D$F$H$J$L$M$N$N$N$O$P$R$T$U$V$X$Z$Z$Z$[$\$\$]$^$^$`$a$b$c$d$e$e$e$e$f$g$h$i$i$j$k$l$l$m$n$o$p$p$r$s$t$t$t$v$v$x$x$z$|$}$~$~$~
                                                                                                                                                                                                                                  • API String ID: 0-1394229784
                                                                                                                                                                                                                                  • Opcode ID: 056a6b09ac1f0b8069d8e0856d928db892cc49fb58976f7f6017e888c085083b
                                                                                                                                                                                                                                  • Instruction ID: 78fde7a8102a4a25e3d516c1edb5f9b2f063fdb03dbd0bbcca9d4d838a68c62c
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 056a6b09ac1f0b8069d8e0856d928db892cc49fb58976f7f6017e888c085083b
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3F22472190D7E9CDEB26C638CC587DDBEA15B56314F0841D9C19D6B3C2C7BA0B89CB26
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_760000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: *$+$0$:$<$>$@$C$`$`$a$b$d$d$f$g$h$n$n$p$s$w$x$z${${$|$|$}
                                                                                                                                                                                                                                  • API String ID: 0-334816167
                                                                                                                                                                                                                                  • Opcode ID: 63cdccc75301cd355fa4edc8c506f7aea9a9e61635fb673e26f729942e3a0ac3
                                                                                                                                                                                                                                  • Instruction ID: b20f2bbfae0445fc1016ff3b85890c4418db995ccb61bd3e0f38e53413c5410b
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 63cdccc75301cd355fa4edc8c506f7aea9a9e61635fb673e26f729942e3a0ac3
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: ACF1C221D087E98ADB32C6BC88443CDAFA15B53324F1943D9D4E9AB3D2D6790A46CB52
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1454134308.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_400000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: *$+$0$:$<$>$@$C$`$`$a$b$d$d$f$g$h$n$n$p$s$w$x$z${${$|$|$}
                                                                                                                                                                                                                                  • API String ID: 0-334816167
                                                                                                                                                                                                                                  • Opcode ID: 4d803b101157e4a712cc0ef110f4861eff536f857bbb1a7cf2d313a64b91ceb8
                                                                                                                                                                                                                                  • Instruction ID: 4ba09c738a8091425718d315f50eff196f5ba60e1b3feeb24fdbf3622366560b
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4d803b101157e4a712cc0ef110f4861eff536f857bbb1a7cf2d313a64b91ceb8
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0BF1E521D087E98ADB32C67C8C443CDBFA15B97324F1943D9D4E9AB3D2C6780A46CB56
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • CoCreateInstance.OLE32(0043F68C,00000000,00000001,0043F67C), ref: 0043640E
                                                                                                                                                                                                                                  • SysAllocString.OLEAUT32(FA46F8B5), ref: 0043646A
                                                                                                                                                                                                                                  • CoSetProxyBlanket.OLE32(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 004364A7
                                                                                                                                                                                                                                  • SysAllocString.OLEAUT32(w!s#), ref: 004364FB
                                                                                                                                                                                                                                  • SysAllocString.OLEAUT32(A3q5), ref: 004365A1
                                                                                                                                                                                                                                  • VariantInit.OLEAUT32(?), ref: 00436613
                                                                                                                                                                                                                                  • VariantClear.OLEAUT32(?), ref: 00436775
                                                                                                                                                                                                                                  • SysFreeString.OLEAUT32(?), ref: 004367A0
                                                                                                                                                                                                                                  • SysFreeString.OLEAUT32(?), ref: 004367A6
                                                                                                                                                                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 004367B3
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1454134308.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_400000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: String$AllocFree$Variant$BlanketClearCreateInitInstanceProxy
                                                                                                                                                                                                                                  • String ID: A;$BC$C$T'g)$X&c8$Y/9Q$w!s#$z7}9A3q5
                                                                                                                                                                                                                                  • API String ID: 2485776651-4124187736
                                                                                                                                                                                                                                  • Opcode ID: 1a7a540a913549243f643d940beb1ec8542d667b59db154e60dd983501a017ec
                                                                                                                                                                                                                                  • Instruction ID: 522da010f1620deffab12e26d595bfb80e0736a5a48a815d81ab8756012ad252
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1a7a540a913549243f643d940beb1ec8542d667b59db154e60dd983501a017ec
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7112EC72A083019BD314CF28C881B6BBBE5FFC9304F15992DF595DB290D778D9058B9A
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • CoCreateInstance.COMBASE(0043F68C,00000000,00000001,0043F67C), ref: 00796675
                                                                                                                                                                                                                                  • SysAllocString.OLEAUT32(FA46F8B5), ref: 007966D1
                                                                                                                                                                                                                                  • CoSetProxyBlanket.COMBASE(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 0079670E
                                                                                                                                                                                                                                  • SysAllocString.OLEAUT32(w!s#), ref: 00796762
                                                                                                                                                                                                                                  • SysAllocString.OLEAUT32(A3q5), ref: 00796808
                                                                                                                                                                                                                                  • VariantInit.OLEAUT32(?), ref: 0079687A
                                                                                                                                                                                                                                  • VariantClear.OLEAUT32(?), ref: 007969DC
                                                                                                                                                                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 00796A1A
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
• Source File: 00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_760000_ZxSWvC0Tz7.jbxd
• API ID: String$Alloc$Variant$BlanketClearCreateFreeInitInstanceProxy
• String ID: A;$BC$C$T'g)$X&c8$Y/9Q$w!s#$z7}9A3q5
• API String ID: 2775254435-4124187736
• Opcode ID: 7f006d42d978ea279f5d884ff5246a5058d7d597c52cd245997dba74b9415a56
• Instruction ID: aacb94e5b6902dca10142dd239fb20b1207a0b89a9e32366eeec7bbb376a75d2
• Opcode Fuzzy Hash: 7f006d42d978ea279f5d884ff5246a5058d7d597c52cd245997dba74b9415a56
• Instruction Fuzzy Hash: DD12DBB2A083409BD714CF28D885B6BBBE6FFC5314F148A2CF595DB291D778D9058B82

APIs
Strings
Memory Dump Source
• Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.1454134308.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_ZxSWvC0Tz7.jbxd
• API ID: Clipboard$Global$CloseDataLockLongOpenUnlockWindow
• String ID: ($P$W$]$j$x
• API String ID: 2832541153-1642767450
• Opcode ID: 8b1f1a14f2ecd6cbcc61cef173fb78c483c4298edd8ed21dbcc155f4e5603572
• Instruction ID: d10a51e23ecba45016217ad21913f42ff9d133ebe453f27826f30668db2baec2
• Opcode Fuzzy Hash: 8b1f1a14f2ecd6cbcc61cef173fb78c483c4298edd8ed21dbcc155f4e5603572
• Instruction Fuzzy Hash: B941A17050C7818ED301AFB8D88835FBEE0AB8A314F444A7EE4E9963D2D678854DC797

Strings
Memory Dump Source
• Source File: 00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_760000_ZxSWvC0Tz7.jbxd
• API ID:
• String ID: 7]7N$9/,8$; >?$<'=0$LSJm$PVNR$R:e}$`{R2$agsy$p~rs$rz|x$sD/f$wkoq$~p~9
• API String ID: 0-2345621967
• Opcode ID: a9be2e0f6340cc52a81f7dbe1f742bb92054bc815233c9bebfa9ac53ecd4af8d
• Instruction ID: e7d93a2333a5bd91ea953b9bb803d2d3a7f74072601c5d68d7fa36d1b284176f
• Opcode Fuzzy Hash: a9be2e0f6340cc52a81f7dbe1f742bb92054bc815233c9bebfa9ac53ecd4af8d
• Instruction Fuzzy Hash: E4C1387150C3958BD315CF25C4A076BBFE1AFD2344F1885ACE8E21B782D63D890ACB62

Strings
Memory Dump Source
• Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.1454134308.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_ZxSWvC0Tz7.jbxd
• API ID:
• String ID: 7]7N$9/,8$; >?$<'=0$LSJm$PVNR$R:e}$`{R2$agsy$p~rs$rz|x$sD/f$wkoq$~p~9
• API String ID: 0-2345621967
• Opcode ID: a9be2e0f6340cc52a81f7dbe1f742bb92054bc815233c9bebfa9ac53ecd4af8d
• Instruction ID: bfc0c3310975af71fded0e8a17bd930ed1ccefcf7fefaebca231936fe6ab8075
• Opcode Fuzzy Hash: a9be2e0f6340cc52a81f7dbe1f742bb92054bc815233c9bebfa9ac53ecd4af8d
• Instruction Fuzzy Hash: 47C1367150C3958BD315CE2584A036BBFE1AFD6304F1889BDE4E11B386D63D8D0ACBA6

Strings
Memory Dump Source
• Source File: 00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_760000_ZxSWvC0Tz7.jbxd
• API ID:
• String ID: &$+$4$@$C$O$T$Y$Z$\$g$q$t
• API String ID: 0-2174627302
• Opcode ID: 2c149d579c2bfbe290bb8fc034ca28ef72b0ce807b879de6ec01245955241a86
• Instruction ID: fcaf07d8d8bc07838f6cb8d70578835e9462ca8ebe408ec45dbbe03186d5c849
• Opcode Fuzzy Hash: 2c149d579c2bfbe290bb8fc034ca28ef72b0ce807b879de6ec01245955241a86
• Instruction Fuzzy Hash: E072AE7160C780CFD7249F38C4993AEBBE1ABD6354F188A2ED5DA87382D6798445CB43

Strings
Memory Dump Source
• Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.1454134308.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_ZxSWvC0Tz7.jbxd
• API ID:
• String ID: &$+$4$@$C$O$T$Y$Z$\$g$q$t
• API String ID: 0-2174627302
• Opcode ID: fa95428c970c30a1efb578d72b7ddf9eb6b82f5b934b73145c579ff54d310729
• Instruction ID: 9695cd9248a7320cbd761fb78df0a02734abf8995342c504889e395b39462be9
• Opcode Fuzzy Hash: fa95428c970c30a1efb578d72b7ddf9eb6b82f5b934b73145c579ff54d310729
• Instruction Fuzzy Hash: 7E728E7160C7818BD3249F38C4953AFBBE2ABD5314F194A3EE5D9873D2D67884858B07

Strings
Memory Dump Source
• Source File: 00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_760000_ZxSWvC0Tz7.jbxd
• API ID:
• String ID: *B)$*B)$<=$O)O+$Q5Z7$T!M#$U1D3$V%G'$XY$\9X;$p-B/
• API String ID: 0-898000180
• Opcode ID: 9fc2874815f84d3ef4346084d008133ae0ec9231113661370af9e7ee02782906
• Instruction ID: 8693bc0d78c52714e3e5fdabfc41032221610ce7acc5101b0c2866580c5ab8ff
• Opcode Fuzzy Hash: 9fc2874815f84d3ef4346084d008133ae0ec9231113661370af9e7ee02782906
• Instruction Fuzzy Hash: 71C111B12883518BD724DF58C89166BB7F2EFD2714F488A5CE8D68B750E738C902C796

Strings
Memory Dump Source
• Source File: 00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_760000_ZxSWvC0Tz7.jbxd
• API ID:
• String ID: 4%$>V$>V$<>$EG$IK$UW$|~
• API String ID: 0-2246970021
• Opcode ID: cc1dde96a411e1e6fcd6a59f7ef47bdc2781b26c4dfcad69bf9094ee8fc7f5bd
• Instruction ID: b3efef15784599848394130c7b7ed645081320c9b80b3a624401ad7e448d698e
• Opcode Fuzzy Hash: cc1dde96a411e1e6fcd6a59f7ef47bdc2781b26c4dfcad69bf9094ee8fc7f5bd
• Instruction Fuzzy Hash: B73243B0601B469FDB48CF26D580389BBB1FF45300F548698C9595FB5ADB35A892CFC0

Strings
Memory Dump Source
• Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.1454134308.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_ZxSWvC0Tz7.jbxd
• API ID:
• String ID: 4%$>V$>V$<>$EG$IK$UW$|~
• API String ID: 0-2246970021
• Opcode ID: cc1dde96a411e1e6fcd6a59f7ef47bdc2781b26c4dfcad69bf9094ee8fc7f5bd
• Instruction ID: f89536dd89445c36d0748b7bd4a9cf4b738649ea5c65e76590e6169531de8307
• Opcode Fuzzy Hash: cc1dde96a411e1e6fcd6a59f7ef47bdc2781b26c4dfcad69bf9094ee8fc7f5bd
• Instruction Fuzzy Hash: C43242B0611B569FDB48CF26D580389BBB1FF45300F548698C9695FB4ADB35A8A2CFC0

Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1454134308.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_400000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: *mB$67$@iB$V3R5
                                                                                                                                                                                                                                  • API String ID: 0-119712241
                                                                                                                                                                                                                                  • Opcode ID: 2752cfb5aefe83a77e1e275bbb3611267d68b1f03f1cd38cb6bb80b62f128883
                                                                                                                                                                                                                                  • Instruction ID: f8f986030c5c516667fa2fb6bcf2798bb7f33b75dff4277953ef0512ab11a316
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2752cfb5aefe83a77e1e275bbb3611267d68b1f03f1cd38cb6bb80b62f128883
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6A2258716083548BC728DF68E85176FB7E1EFC5304F49893DE9868B392EB349905CB86
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_760000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: !@$,$T$U$V$h
                                                                                                                                                                                                                                  • API String ID: 0-1072848446
                                                                                                                                                                                                                                  • Opcode ID: 8e8ca45835480ccfa162dc2bafbba4cee2664ffe78ab865597f6f2298b61ffbe
                                                                                                                                                                                                                                  • Instruction ID: 85e628f58d07a4ec3e2fa790bca655573e1c1def122d3a6c16bde2f93105ed0b
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8e8ca45835480ccfa162dc2bafbba4cee2664ffe78ab865597f6f2298b61ffbe
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8822D27164C7808FD324EF38C45536EBBE5AB86324F548A2DE4DA87392D7799842CB43
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1454134308.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_400000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: !@$,$T$U$V$h
                                                                                                                                                                                                                                  • API String ID: 0-1072848446
                                                                                                                                                                                                                                  • Opcode ID: b818ee9c67694a0f4bc9b807532e0d54e79f31c8e805177f741268a403b11b31
                                                                                                                                                                                                                                  • Instruction ID: 7f4f8c271271a0ee30063bf5d57d9afa0b4a7bb7edff0777766b2e5d54dfe869
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b818ee9c67694a0f4bc9b807532e0d54e79f31c8e805177f741268a403b11b31
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CF22E17160C3A08FD320DF28D44436FBBE1ABD6314F598A2EE5D9873A1D77988458B4B
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1454134308.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_400000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: &'$0c=e$2g1i$<k;m$B$wy
                                                                                                                                                                                                                                  • API String ID: 0-2430453506
                                                                                                                                                                                                                                  • Opcode ID: eb1d602c92fd99bd83cb42d187dbb3c1cba3f1d687f489207edda56632bda968
                                                                                                                                                                                                                                  • Instruction ID: efc43d6a55d29c5113b9513135886848320c4b4fba7a0b6b3d57c2edb9ba0087
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: eb1d602c92fd99bd83cb42d187dbb3c1cba3f1d687f489207edda56632bda968
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 26D127B56083118BD724DF25D85276BB7F2EFE2314F58992CE4828B3A5F7789801CB46
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_760000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: &=$0$5$D@6T$EF$zJyL
                                                                                                                                                                                                                                  • API String ID: 0-3264166258
                                                                                                                                                                                                                                  • Opcode ID: 6f787935f52e1d9f41ee2cdf27def6dc2193743486b37ecbc705986605444a77
                                                                                                                                                                                                                                  • Instruction ID: c988f17566dbea5e63cdffd5e95d980c33b20008371b1385569c091ba7f8e749
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6f787935f52e1d9f41ee2cdf27def6dc2193743486b37ecbc705986605444a77
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 04B1E97124C3818BD329CF2984917BBFBD2AFD2314F188A6DD4D98B291DB788549C723
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1454134308.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_400000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: &=$0$5$D@6T$EF$zJyL
                                                                                                                                                                                                                                  • API String ID: 0-3264166258
                                                                                                                                                                                                                                  • Opcode ID: 6f787935f52e1d9f41ee2cdf27def6dc2193743486b37ecbc705986605444a77
                                                                                                                                                                                                                                  • Instruction ID: f15181a2a9622c2e50c414abf7a3ac4626398852fa6a8a653e4f6d86baaa0204
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6f787935f52e1d9f41ee2cdf27def6dc2193743486b37ecbc705986605444a77
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 62B1087020C3918AE324CF2994917BFBBD2AFD6304F588A6ED4D987391DB788449C757
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • GetCurrentProcessId.KERNEL32 ref: 00768A1B
                                                                                                                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 00768A25
                                                                                                                                                                                                                                  • SHGetSpecialFolderPathW.SHELL32(00000000,?,00000010,00000000), ref: 00768AC2
                                                                                                                                                                                                                                  • GetForegroundWindow.USER32 ref: 00768AD7
                                                                                                                                                                                                                                  • ExitProcess.KERNEL32 ref: 00768BD9
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_760000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: CurrentProcess$ExitFolderForegroundPathSpecialThreadWindow
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 4063528623-0
• Opcode ID: 7b623bcc5e135466e494fc7f4101763bd35fdd0b5e674fc8217798d0a0a97a45
• Instruction ID: 6286e51b9a1918428c84ae29111d60edf291d272c6a9b99bf6c7162658f47d96
• Opcode Fuzzy Hash: 7b623bcc5e135466e494fc7f4101763bd35fdd0b5e674fc8217798d0a0a97a45
• Instruction Fuzzy Hash: ED418CB7F4430847D71CAEB4DC9A3AAB69A9BC4314F0A803E6D86AB390DDBC5C0552D1
Strings
Memory Dump Source
• Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.1454134308.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_ZxSWvC0Tz7.jbxd
Yara matches
Similarity
• API ID:
• String ID: )*$X9{;$r1B
• API String ID: 0-1001561910
• Opcode ID: 8dd660af85e9b30ff04e02c10e609101b9a09426abdb28fd85c75e4d1b9bc82c
• Instruction ID: a1479a56b64214e2a7fc54a03e2bd96b94a4879ed58cb61811aa9170273c6ab6
• Opcode Fuzzy Hash: 8dd660af85e9b30ff04e02c10e609101b9a09426abdb28fd85c75e4d1b9bc82c
• Instruction Fuzzy Hash: 94D1BAB06083419FD3009F59E88166BBBE0FF96309F54892DF5818B351E3B8DA09CB5A
Strings
Memory Dump Source
• Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.1454134308.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_ZxSWvC0Tz7.jbxd
Yara matches
Similarity
• API ID:
• String ID: -$C\$Iz$[^$de
• API String ID: 0-3020956940
• Opcode ID: f819af1d85e380cc0a90eb61a19dfdbbe2cdd3936953633e8d3f19afdb44e2e0
• Instruction ID: e1ce7c89e45d16bcd91c54bb6943d2a9f79ffbc50f6667256eaf7ee8aaf95e0a
• Opcode Fuzzy Hash: f819af1d85e380cc0a90eb61a19dfdbbe2cdd3936953633e8d3f19afdb44e2e0
• Instruction Fuzzy Hash: C012237654C3108FC314CFA8C8926ABBBE2EFD5314F18892DE4E58B391E7789505CB86
Strings
Memory Dump Source
• Source File: 00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_760000_ZxSWvC0Tz7.jbxd
Yara matches
Similarity
• API ID:
• String ID: &'$0c=e$2g1i$<k;m$wy
• API String ID: 0-3335612808
• Opcode ID: eb1d602c92fd99bd83cb42d187dbb3c1cba3f1d687f489207edda56632bda968
• Instruction ID: 95160c03c828fc56803c07f0afc766aab76f180433f232e3e55eb38c9963d429
• Opcode Fuzzy Hash: eb1d602c92fd99bd83cb42d187dbb3c1cba3f1d687f489207edda56632bda968
• Instruction Fuzzy Hash: 8BD107B56483018BD724DF25CC5276BB7F2EFA2314F189A2CE4828B394E77C9805C792
Strings
Memory Dump Source
• Source File: 00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_760000_ZxSWvC0Tz7.jbxd
Yara matches
Similarity
• API ID:
• String ID: &=$5$D@6T$EF$zJyL
• API String ID: 0-923305466
• Opcode ID: f99561a0788cee97c829df764e2ebd4c7b90c8b56b0bfd503a4f7d65a1aead45
• Instruction ID: 004d2ed4f7d58954f6c65c8e512ec00a558eca00f01d4fa65f4c481d34692426
• Opcode Fuzzy Hash: f99561a0788cee97c829df764e2ebd4c7b90c8b56b0bfd503a4f7d65a1aead45
• Instruction Fuzzy Hash: E5A1FB7124C3818BE369DF2984917ABFFD2AFD2304F18896DD4D98B291DB788449C727
Strings
Memory Dump Source
• Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.1454134308.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_ZxSWvC0Tz7.jbxd
Yara matches
Similarity
• API ID:
• String ID: &=$5$D@6T$EF$zJyL
• API String ID: 0-923305466
• Opcode ID: f99561a0788cee97c829df764e2ebd4c7b90c8b56b0bfd503a4f7d65a1aead45
• Instruction ID: a1ece66a1846d5f05b18afa13e78785737907ef84dba56bd06699bfcf49e878d
• Opcode Fuzzy Hash: f99561a0788cee97c829df764e2ebd4c7b90c8b56b0bfd503a4f7d65a1aead45
• Instruction Fuzzy Hash: 16A1097120C3918AE364CF2994917AFBBD2AFD2304F588A6ED4C987391DB788449C757
Strings
Memory Dump Source
• Source File: 00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_760000_ZxSWvC0Tz7.jbxd
Yara matches
Similarity
• API ID:
• String ID: &=$5$D@6T$EF$zJyL
• API String ID: 0-923305466
• Opcode ID: 5eea70b87afb6f6764b4b0a803c2ee816a1ddf72bf9f3ac6a73094afb86f43b5
• Instruction ID: 88acc5f299937788e1564ca9c2ff65ae4e95d404fbbc3369fa139efcb5a1c067
• Opcode Fuzzy Hash: 5eea70b87afb6f6764b4b0a803c2ee816a1ddf72bf9f3ac6a73094afb86f43b5
• Instruction Fuzzy Hash: 52A10C7024C3818FE369CF2984917ABBBD2AFD2304F18896DD4D98B291DB788449C763
Strings
Memory Dump Source
• Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.1454134308.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_ZxSWvC0Tz7.jbxd
Yara matches
Similarity
• API ID:
• String ID: &=$5$D@6T$EF$zJyL
• API String ID: 0-923305466
• Opcode ID: 5eea70b87afb6f6764b4b0a803c2ee816a1ddf72bf9f3ac6a73094afb86f43b5
• Instruction ID: a1affb31d16800ef8c6cc435bb9674081fedb8b39f933f67ef20babcac88fb25
• Opcode Fuzzy Hash: 5eea70b87afb6f6764b4b0a803c2ee816a1ddf72bf9f3ac6a73094afb86f43b5
• Instruction Fuzzy Hash: 6BA1097020C3918AE324CF2994D17AFBBD2AFD2304F688A6ED4D987391DB788449C757
Strings
Memory Dump Source
• Source File: 00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_760000_ZxSWvC0Tz7.jbxd
Yara matches
Similarity
• API ID:
• String ID: &=$5$D@6T$EF$zJyL
• API String ID: 0-923305466
• Opcode ID: 964c76fda7f37207e59e987132c18f71186e6d03fd2999a299809d292455ad42
• Instruction ID: 014c8490230076ab189a6f81696fa4e8144dd2b069f65c185177556532bd540a
• Opcode Fuzzy Hash: 964c76fda7f37207e59e987132c18f71186e6d03fd2999a299809d292455ad42
• Instruction Fuzzy Hash: 36A1D77124C3818ED325CF2984917ABFFD2AFD2304F288A6DD4D98B291DB788449C767
Strings
Memory Dump Source
• Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.1454134308.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_ZxSWvC0Tz7.jbxd
Yara matches
Similarity
• API ID:
• String ID: &=$5$D@6T$EF$zJyL
• API String ID: 0-923305466
                                                                                                                                                                                                                                  • Opcode ID: 964c76fda7f37207e59e987132c18f71186e6d03fd2999a299809d292455ad42
                                                                                                                                                                                                                                  • Instruction ID: 9bb2126ccc093d793a191dd69b681400b401b97b3b24328c9194ba10bd873eb8
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 964c76fda7f37207e59e987132c18f71186e6d03fd2999a299809d292455ad42
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 16A1077120C3918AD324CF2994917BBBBD2AFD2304F688A5ED4C98B391DB788449C757
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1454134308.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_400000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: in~x$kmbj$ydij$Z\
                                                                                                                                                                                                                                  • API String ID: 0-979945983
                                                                                                                                                                                                                                  • Opcode ID: 005fc1fa79f283313d18ab5bef71a17aafbda1228e7aae7fdcae809975c54514
                                                                                                                                                                                                                                  • Instruction ID: a7131c4719c006be066284edc26e6de5161f51a5f0bff666fc31d9b99828dd7c
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 005fc1fa79f283313d18ab5bef71a17aafbda1228e7aae7fdcae809975c54514
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 107249B5600701CFD7248F28D8817A7B7B2FF96314F18856EE4968B392E739E842CB55
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_760000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: &-$)R_X$[O_[$zusR
                                                                                                                                                                                                                                  • API String ID: 0-3432275560
                                                                                                                                                                                                                                  • Opcode ID: c72d066a0ba9d98f0ff19214e9d8c23779a55738a99cb06a59f657220fc0cf28
                                                                                                                                                                                                                                  • Instruction ID: 15102f8aca74c537e90ebabf698b0071365c9ebbc3bbd1a2d2d686f9c4f8d151
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c72d066a0ba9d98f0ff19214e9d8c23779a55738a99cb06a59f657220fc0cf28
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 96423B7150C3908FCB25DF28C85076EBFE1AF96354F0886ADE8E95B392D7398905CB52
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1454134308.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_400000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: &-$)R_X$[O_[$zusR
                                                                                                                                                                                                                                  • API String ID: 0-3432275560
                                                                                                                                                                                                                                  • Opcode ID: 9c1e88994ed028f5b04327f1d1436afa90b67df79647b043f1f73d1dc9718978
                                                                                                                                                                                                                                  • Instruction ID: 5890859bd03ddd88b235fb657101ddbf2934de1c8c3864215f367d42e94b454c
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9c1e88994ed028f5b04327f1d1436afa90b67df79647b043f1f73d1dc9718978
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BD42683850C3908FC725DF29C8507AFBBE1AF96314F08466EE8E44B392D7398945C79A
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_760000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: %(#}$/$/26-$1
                                                                                                                                                                                                                                  • API String ID: 0-261129489
                                                                                                                                                                                                                                  • Opcode ID: f133d09027ec2c5d3c2aef6507ecce0520632deac5b770a07f28f5cb5c76ebf0
                                                                                                                                                                                                                                  • Instruction ID: 18c55217f9a7f2f095e7a3f175347a550093f33cf713d596ffc94834aa9e3fd2
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f133d09027ec2c5d3c2aef6507ecce0520632deac5b770a07f28f5cb5c76ebf0
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A5E1F67125D3C18BE725CF29C4517BABFD2EF92304F18896DD0D98B292DB39840AC722
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1454134308.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_400000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: %(#}$/$/26-$1
                                                                                                                                                                                                                                  • API String ID: 0-261129489
                                                                                                                                                                                                                                  • Opcode ID: b5f0696b81a42aa6f60329296e76e493f1753759ee01a5998428369545935cda
                                                                                                                                                                                                                                  • Instruction ID: 01141288c62049998ddddb8392f03a48052843576c41680a3c86522b868e0cab
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b5f0696b81a42aa6f60329296e76e493f1753759ee01a5998428369545935cda
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 17E1076121C3918BE725CF29D4517BBBBD6EFD2304F58896EC0D987392DB38840AC796
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_760000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: %(#}$/$/26-$1
                                                                                                                                                                                                                                  • API String ID: 0-261129489
                                                                                                                                                                                                                                  • Opcode ID: 47b00d7d64a94561f5ec20e782c8b23bde4d21acf7bd80337db5547180c095d9
                                                                                                                                                                                                                                  • Instruction ID: 94a9d1dfb25cdfa41754d242defbf5ddf3a32625860e6121fb0dd8954cf80d59
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 47b00d7d64a94561f5ec20e782c8b23bde4d21acf7bd80337db5547180c095d9
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F0E1C37155D3C18AE775CF2584607BBBFD6AFD2304F1888ADC1D98B292DB39450ACB22
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1454134308.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_400000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: %(#}$/$/26-$1
                                                                                                                                                                                                                                  • API String ID: 0-261129489
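The function records above carry the same field set for each routine the sandbox recovered: an Opcode ID and an Instruction ID (I assume, as the names suggest, that the former hashes only the opcode bytes and the latter the full instructions including operands), the memory dump the routine was carved from (the PE image at 0x400000, or the non-PE region at 0x760000), and the set of strings it references with a numeric API String ID. Two patterns are buried in the listing: the same Opcode ID appears twice with different Instruction IDs, and the same API String ID appears once in the 0x400000 image and once in the 0x760000 region, which is what one would expect given the report's "Detected unpacking" signatures. The following Python is an added example, not part of the Joe Sandbox report or its tooling; it parses records in this layout and surfaces both patterns. The four sample records are copied from the listing above, trimmed to the fields the parser uses.

```python
"""Parse Joe Sandbox function records and group them by string set / opcode hash."""
import re
from collections import defaultdict

# Constructed sample input: four records copied from the report listing,
# trimmed to the fields used below. Layout follows the report page.
SAMPLE = """\
• Opcode ID: 964c76fda7f37207e59e987132c18f71186e6d03fd2999a299809d292455ad42
• Instruction ID: 014c8490230076ab189a6f81696fa4e8144dd2b069f65c185177556532bd540a
• Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• String ID: &=$5$D@6T$EF$zJyL
• API String ID: 0-923305466
• Opcode ID: 964c76fda7f37207e59e987132c18f71186e6d03fd2999a299809d292455ad42
• Instruction ID: 9bb2126ccc093d793a191dd69b681400b401b97b3b24328c9194ba10bd873eb8
• Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• String ID: in~x$kmbj$ydij$Z\\
• API String ID: 0-979945983
• Opcode ID: 005fc1fa79f283313d18ab5bef71a17aafbda1228e7aae7fdcae809975c54514
• Instruction ID: a7131c4719c006be066284edc26e6de5161f51a5f0bff666fc31d9b99828dd7c
• Source File: 00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
• String ID: &-$)R_X$[O_[$zusR
• API String ID: 0-3432275560
• Opcode ID: c72d066a0ba9d98f0ff19214e9d8c23779a55738a99cb06a59f657220fc0cf28
• Instruction ID: 15102f8aca74c537e90ebabf698b0071365c9ebbc3bbd1a2d2d686f9c4f8d151
• Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• String ID: &-$)R_X$[O_[$zusR
• API String ID: 0-3432275560
"""

# The Source File value ends with the load offset and a PE flag; pull both out.
SRC_RE = re.compile(r"Offset: ([0-9A-Fa-f]+), based on PE: (true|false)")


def parse_records(text):
    """Split the listing into one dict per function. A record starts at an
    'Opcode ID' line and absorbs every following '• Key: value' line until
    the next 'Opcode ID'. Bare headings ('Strings', 'Yara matches') and
    empty fields ('API ID:') carry no ': ' separator and are skipped."""
    records, cur = [], None
    for raw in text.splitlines():
        line = raw.strip().lstrip("•").strip()
        if ": " not in line:
            continue
        key, _, value = line.partition(": ")
        if key == "Opcode ID":
            cur = {}
            records.append(cur)
        if cur is None:
            continue  # stray field before the first record
        if key == "Source File":
            m = SRC_RE.search(value)
            if m:
                cur["offset"] = int(m.group(1), 16)
                cur["based_on_pe"] = m.group(2) == "true"
        else:
            cur[key] = value
    return records


def shared_across_regions(records):
    """API String IDs that occur in more than one memory region, i.e. the same
    string set referenced from both the PE image and a non-PE dump."""
    by_sid = defaultdict(set)
    for r in records:
        if "API String ID" in r and "offset" in r:
            by_sid[r["API String ID"]].add(r["offset"])
    return {sid: offs for sid, offs in by_sid.items() if len(offs) > 1}


def opcode_variants(records):
    """Opcode IDs seen with more than one Instruction ID: same opcode
    sequence, different operands (the usual sign of a relocated copy or
    an identical routine parameterised with different constants)."""
    by_op = defaultdict(set)
    for r in records:
        if "Opcode ID" in r and "Instruction ID" in r:
            by_op[r["Opcode ID"]].add(r["Instruction ID"])
    return {op: ids for op, ids in by_op.items() if len(ids) > 1}


if __name__ == "__main__":
    recs = parse_records(SAMPLE)
    for sid, offs in shared_across_regions(recs).items():
        print("string set", sid, "present at", [hex(o) for o in sorted(offs)])
    for op, ids in opcode_variants(recs).items():
        print("opcode", op[:16] + "...", "has", len(ids), "instruction variants")
```

Run against the full report listing rather than the four sample records, the region grouping gives a quick map of which routines from the 0x400000 image were re-emitted into the 0x760000 region, which is the first thing to check before deciding which dump to load into a disassembler.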
• Opcode ID: 85136c1757dee14467642a6d6da49c775a03d8ccdff6c4bcf62a10f86f43ba84
• Instruction ID: 105acce5f4ff7ea6d47210ba8b73cab4478fbe416d66b6a3adf1b721c409ed6c
• Opcode Fuzzy Hash: 85136c1757dee14467642a6d6da49c775a03d8ccdff6c4bcf62a10f86f43ba84
• Instruction Fuzzy Hash: 16E1F37120C3D18AE735CF2594607BBBBD6EFD2304F5848AEC1C98B292DB39440ACB56
Strings
Memory Dump Source
• Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.1454134308.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_ZxSWvC0Tz7.jbxd
Yara matches
Similarity
• API ID:
• String ID: "w+y$?TUV$D@YO$^QRW
                                                                                                                                                                                                                                  • API String ID: 0-2418547040
                                                                                                                                                                                                                                  • Opcode ID: b33f7a74249a1930603a4104fb56ed047204ad8f914d8738a10807f3eb918719
                                                                                                                                                                                                                                  • Instruction ID: fcb942591893e55783a104e15fa10a8e25e40a6012ded37723e5c7bd10029470
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b33f7a74249a1930603a4104fb56ed047204ad8f914d8738a10807f3eb918719
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3502AB75600701CFD324CF29C891BA2B7F2FF59314F19896DD4968BBA1DB39A841CB44
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1454134308.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_400000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: #$$+oQ$?{;}$DF
                                                                                                                                                                                                                                  • API String ID: 0-1090792222
                                                                                                                                                                                                                                  • Opcode ID: fe6da00e438e1ead2a2d23196ddeab5711043166ad0a78cb1c77591abb4d52b2
                                                                                                                                                                                                                                  • Instruction ID: f8f0a3fc3e126b0df0e9da8d66218e0bc810a6f9e0fb1804998ec3192ea1b230
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fe6da00e438e1ead2a2d23196ddeab5711043166ad0a78cb1c77591abb4d52b2
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 34E102B4E043549FEB10DF28D942B5EBBB0FB86304F1085ADE598AB381D7758946CF86
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1454134308.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_400000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: MetricsSystem
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 4116985748-3916222277
                                                                                                                                                                                                                                  • Opcode ID: 39349761bbbd9d5e5dac84a7f5a9780edeb84eb1621c2c8cfd3bf8aab651dcd4
                                                                                                                                                                                                                                  • Instruction ID: 403ffabe11f23b748e06d840ed2f043dd1bcc1ca5a787c04042f92a2a85d24cf
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 39349761bbbd9d5e5dac84a7f5a9780edeb84eb1621c2c8cfd3bf8aab651dcd4
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 365173B4E142189FDB40EFACE98569DBBF0BB88310F114529E499E7350D734AD48CF96
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_760000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: BI$ZG$3ej$pr
                                                                                                                                                                                                                                  • API String ID: 0-483502859
                                                                                                                                                                                                                                  • Opcode ID: f72a1af4f7c4914e3558ee5fe4304fc6666decd496300a2b177a412071557166
                                                                                                                                                                                                                                  • Instruction ID: dff320c18a8cabb9cb89f3dc13567e00c98187732b4049f2fa66064c4ca2fdcb
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f72a1af4f7c4914e3558ee5fe4304fc6666decd496300a2b177a412071557166
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C7A1A1B56107818FD728CF29C590A62BBF2EF96304B19959DC4D68F766DB38E802CB10
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1454134308.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_400000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: BI$ZG$3ej$pr
                                                                                                                                                                                                                                  • API String ID: 0-483502859
                                                                                                                                                                                                                                  • Opcode ID: f72a1af4f7c4914e3558ee5fe4304fc6666decd496300a2b177a412071557166
                                                                                                                                                                                                                                  • Instruction ID: f448791ebc0dd286385b88dc6d7820084d2eda887077436efc4f1c5c77796cf1
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f72a1af4f7c4914e3558ee5fe4304fc6666decd496300a2b177a412071557166
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 44A1D6B56007818FD714CF29C590A22BFE2FF96300B1995ADC4D69F7A6DB38E806CB54
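The two entries above carry the same Opcode ID (f72a1af4...) and the same String ID (BI$ZG$3ej$pr) but different Instruction IDs, one taken from the 00760000 dump (not PE-backed) and one from the 00400000 image (PE-backed); the same pattern repeats for String ID T$U$V$k. Pulling such cross-dump duplicates out of a long Similarity listing by hand is error-prone, so here is an added example, not part of the Joe Sandbox report or its tooling, that parses entries in this exact layout and groups them by Opcode ID and String ID across memory-dump regions. The sample input is a constructed transcription of four entries from this listing; the field names are read straight from the bullet lines, and nothing else about the report format is assumed.

```python
import re
from collections import defaultdict

# Constructed sample: four function entries transcribed from the Similarity
# listing on this page (two from the 00760000 dump, two from 00400000).
SAMPLE_REPORT = """\
Strings
Memory Dump Source
• Source File: 00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_760000_ZxSWvC0Tz7.jbxd
Yara matches
Similarity
• API ID:
• String ID: BI$ZG$3ej$pr
• API String ID: 0-483502859
• Opcode ID: f72a1af4f7c4914e3558ee5fe4304fc6666decd496300a2b177a412071557166
• Instruction ID: dff320c18a8cabb9cb89f3dc13567e00c98187732b4049f2fa66064c4ca2fdcb
• Opcode Fuzzy Hash: f72a1af4f7c4914e3558ee5fe4304fc6666decd496300a2b177a412071557166
• Instruction Fuzzy Hash: C7A1A1B56107818FD728CF29C590A62BBF2EF96304B19959DC4D68F766DB38E802CB10
Strings
Memory Dump Source
• Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.1454134308.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_ZxSWvC0Tz7.jbxd
Yara matches
Similarity
• API ID:
• String ID: BI$ZG$3ej$pr
• API String ID: 0-483502859
• Opcode ID: f72a1af4f7c4914e3558ee5fe4304fc6666decd496300a2b177a412071557166
• Instruction ID: f448791ebc0dd286385b88dc6d7820084d2eda887077436efc4f1c5c77796cf1
• Opcode Fuzzy Hash: f72a1af4f7c4914e3558ee5fe4304fc6666decd496300a2b177a412071557166
• Instruction Fuzzy Hash: 44A1D6B56007818FD714CF29C590A22BFE2FF96300B1995ADC4D69F7A6DB38E806CB54
Strings
Memory Dump Source
• Source File: 00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_760000_ZxSWvC0Tz7.jbxd
Yara matches
Similarity
• API ID:
• String ID: T$U$V$k
• API String ID: 0-1255220828
• Opcode ID: c93e863c5daac2f8ca78168b26a37bbe867cb239aeeaedccae74f18b85e983c0
• Instruction ID: 4cc8a794181fa2ada0d4a2aeb3a782763c41cfbc7c6dff6edfd6f8cc31d81ee9
• Opcode Fuzzy Hash: c93e863c5daac2f8ca78168b26a37bbe867cb239aeeaedccae74f18b85e983c0
• Instruction Fuzzy Hash: 2EA1253110C7908FCB04DB78A89422EBBD26BD6328F194B2DE5E6873D2D679CA45C707
Strings
Memory Dump Source
• Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_ZxSWvC0Tz7.jbxd
Yara matches
Similarity
• API ID:
• String ID: T$U$V$k
• API String ID: 0-1255220828
• Opcode ID: d7e9605b728d24d94aa6476dc2bc71a6c7b696767e3fd5b61d48fe4e4e80319c
• Instruction ID: 419b7bd8d768cf5a93220c289582c9eeb00d0d40764b4ee896287773b3a375b3
• Opcode Fuzzy Hash: d7e9605b728d24d94aa6476dc2bc71a6c7b696767e3fd5b61d48fe4e4e80319c
• Instruction Fuzzy Hash: 4CA1043110C7918BD708CB38985022FBBE25BDA324F1A9B2EE4E6473D2D679C945C74B
"""

# "• Key: value" bullet lines; the bullet itself is optional so that
# copies pasted without it still parse.
FIELD_RE = re.compile(r"^[•*-]?\s*([^:]+):\s*(.*)$")
# The Source File line embeds the dump base and whether it was PE-backed.
SOURCE_RE = re.compile(r"Offset:\s*([0-9A-Fa-f]+),\s*based on PE:\s*(true|false)")


def parse_entries(text):
    """Split a Similarity listing into one dict per function entry.

    An entry is closed by its "Instruction Fuzzy Hash" line, which is the
    last field Joe Sandbox prints for each function in this layout.
    """
    entries, cur = [], {}
    for raw in text.splitlines():
        m = FIELD_RE.match(raw.strip())
        if not m:
            continue  # section labels such as "Strings" or "Yara matches"
        key, value = m.group(1).strip(), m.group(2).strip()
        if key == "Source File":
            s = SOURCE_RE.search(value)
            cur["dump_offset"] = s.group(1) if s else None
            cur["based_on_pe"] = (s.group(2) == "true") if s else None
        else:
            cur[key] = value
        if key == "Instruction Fuzzy Hash":
            entries.append(cur)
            cur = {}
    return entries


def _across_dumps(entries, key):
    """Map key values to the sorted set of dump offsets they appear in,
    keeping only values seen in more than one dump region."""
    seen = defaultdict(set)
    for e in entries:
        if e.get(key) and e.get("dump_offset"):
            seen[e[key]].add(e["dump_offset"])
    return {k: sorted(v) for k, v in seen.items() if len(v) > 1}


def opcode_ids_across_dumps(entries):
    """Opcode IDs present in several dumps: the same instruction skeleton
    copied to a second region (here the non-PE 00760000 buffer)."""
    return _across_dumps(entries, "Opcode ID")


def string_ids_across_dumps(entries):
    """String IDs present in several dumps; weaker than an Opcode ID match
    but catches re-implementations that reference the same constants."""
    return _across_dumps(entries, "String ID")


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_REPORT)
    for oid, dumps in opcode_ids_across_dumps(parsed).items():
        print(f"Opcode ID {oid[:16]}... in dumps {dumps}")
    for sid, dumps in string_ids_across_dumps(parsed).items():
        print(f"String ID {sid!r} in dumps {dumps}")
```

Run against the full listing rather than the four-entry sample, the Opcode ID grouping gives a quick inventory of which functions of the on-disk image reappear in the non-PE region, which is the set to diff first when deciding whether that region is a straight copy of the original code or a decrypted second stage.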
Strings
Memory Dump Source
• Source File: 00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_760000_ZxSWvC0Tz7.jbxd
Yara matches
Similarity
• API ID:
• String ID: -$C\$Iz$[^
• API String ID: 0-2105564891
• Opcode ID: 856b381f3345170c9e1f152739ef8b6d943d9b4d3d608726b0c255f8cc161e2c
• Instruction ID: b729dc7068cd3e04f605342793497bdc9cf1554bface7fd9f127bf502947a180
• Opcode Fuzzy Hash: 856b381f3345170c9e1f152739ef8b6d943d9b4d3d608726b0c255f8cc161e2c
• Instruction Fuzzy Hash: D581AAB264C3509FD708CFA9885185FFBE2EFD5300F59C86CF0E98B251D67996168B82
Strings
Memory Dump Source
• Source File: 00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_760000_ZxSWvC0Tz7.jbxd
Yara matches
Similarity
• API ID:
• String ID: T$U$V$k
• API String ID: 0-1255220828
• Opcode ID: c93e863c5daac2f8ca78168b26a37bbe867cb239aeeaedccae74f18b85e983c0
• Instruction ID: 4cc8a794181fa2ada0d4a2aeb3a782763c41cfbc7c6dff6edfd6f8cc31d81ee9
• Opcode Fuzzy Hash: c93e863c5daac2f8ca78168b26a37bbe867cb239aeeaedccae74f18b85e983c0
• Instruction Fuzzy Hash: 2EA1253110C7908FCB04DB78A89422EBBD26BD6328F194B2DE5E6873D2D679CA45C707
Strings
Memory Dump Source
• Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.1454134308.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_ZxSWvC0Tz7.jbxd
Yara matches
Similarity
• API ID:
• String ID: T$U$V$k
• API String ID: 0-1255220828
• Opcode ID: d7e9605b728d24d94aa6476dc2bc71a6c7b696767e3fd5b61d48fe4e4e80319c
• Instruction ID: 419b7bd8d768cf5a93220c289582c9eeb00d0d40764b4ee896287773b3a375b3
• Opcode Fuzzy Hash: d7e9605b728d24d94aa6476dc2bc71a6c7b696767e3fd5b61d48fe4e4e80319c
• Instruction Fuzzy Hash: 4CA1043110C7918BD708CB38985022FBBE25BDA324F1A9B2EE4E6473D2D679C945C74B
Strings
Memory Dump Source
• Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.1454134308.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_ZxSWvC0Tz7.jbxd
Yara matches
Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: in~x$kmbj$ydij
                                                                                                                                                                                                                                  • API String ID: 0-2624003027
                                                                                                                                                                                                                                  • Opcode ID: 368771055179ae10f3d8f5d678ba0a53bce91d3d7d6a2510e556935792b0b895
                                                                                                                                                                                                                                  • Instruction ID: f79569228283954ad57b9a6cc496d73d61da5c1ffc761606bfa780fd5c95cafa
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 368771055179ae10f3d8f5d678ba0a53bce91d3d7d6a2510e556935792b0b895
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A91245B5600A01CFC7248F24D8D16A7BBA2FF96314F18857ED4968B396E738E842CB55
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_760000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: 0$V$e
                                                                                                                                                                                                                                  • API String ID: 0-3964817793
                                                                                                                                                                                                                                  • Opcode ID: c7716370ac8927f06ffe637d3cea15850e05a15dbd07c9effa12d3fdb0013073
                                                                                                                                                                                                                                  • Instruction ID: aff4362b17d87c8691f7425f90c35a87c063b296a7ad1e45d0a4cb3d7d7c2cc2
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c7716370ac8927f06ffe637d3cea15850e05a15dbd07c9effa12d3fdb0013073
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BD22C87150D7808BD7289F3C84953AEBBE1ABD5360F598B2DD9EE873D1D6388901CB42
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1454134308.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_400000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: 0$V$e
                                                                                                                                                                                                                                  • API String ID: 0-3964817793
                                                                                                                                                                                                                                  • Opcode ID: 9207e5ff9b94fdf015fcac0bd88a7bc55f734a6a516d8fe41e33a64d42c49df1
                                                                                                                                                                                                                                  • Instruction ID: 59230c03b5a3a3693ef44b30c97d38267524f76adfdce6de0efbbb4ceb4d7fde
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9207e5ff9b94fdf015fcac0bd88a7bc55f734a6a516d8fe41e33a64d42c49df1
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9822E77290C7408BD724DF38C4913AEBBD2ABD5324F194A2EE5E9973D1DA388941CB47
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1454134308.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_400000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: 67$V3R5$dB
                                                                                                                                                                                                                                  • API String ID: 0-2543814982
                                                                                                                                                                                                                                  • Opcode ID: 7d6b17f1b35bfbf9a10135164190d2ab3452f23863bf0e0451f9f93f012d59a2
                                                                                                                                                                                                                                  • Instruction ID: 8517aef1948ed283949bb5420b5e04df083ffcb119de912f7f261172b9a423e3
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7d6b17f1b35bfbf9a10135164190d2ab3452f23863bf0e0451f9f93f012d59a2
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 28F145B5A0C361CBC714DF24E85126BB7E1AF86304F09487EE8C297352D739E905CB5A
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_760000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: "w+y$?TUV$DX8Z
                                                                                                                                                                                                                                  • API String ID: 0-3307990326
                                                                                                                                                                                                                                  • Opcode ID: f9c6fa3e94296cf0f303a5eebcc6256c78eaf4459c267ceffca2c103466db4c7
                                                                                                                                                                                                                                  • Instruction ID: 6eb9509e6122fd88c05db159d905e953b75c8b5cd8a2cabdeacf773f1ff57eaa
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f9c6fa3e94296cf0f303a5eebcc6256c78eaf4459c267ceffca2c103466db4c7
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 068101716407128FCB68CF29C890622B3F2FF95750B1AC59DC8864FB65EB38E841CB46
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_760000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: .$GetProcAddress.$l
                                                                                                                                                                                                                                  • API String ID: 0-2784972518
                                                                                                                                                                                                                                  • Opcode ID: 067b9ac1cfdfa220879cc7a8ef70782a20aa364414f13e2dc252473fde93e59c
                                                                                                                                                                                                                                  • Instruction ID: 52a8625eeb5e35589fad2920a7e9102daf3ac7dca217ec68041748f46f15583f
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 067b9ac1cfdfa220879cc7a8ef70782a20aa364414f13e2dc252473fde93e59c
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C6316AB6900709DFDB10CF99C884AAEBBF9FF48324F24414AD842A7351D775EA45CBA4
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_760000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: ,)*k$I,~M
                                                                                                                                                                                                                                  • API String ID: 0-936430989
                                                                                                                                                                                                                                  • Opcode ID: 33fe9d4cb84d20c875b3126a1f51ea659af71ca5d5df44b5ba46a13c9140ded4
                                                                                                                                                                                                                                  • Instruction ID: a4d1fa2990ee81eb6516632aa6705eb5eb8856210311bdc4357586ac62c0d283
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 33fe9d4cb84d20c875b3126a1f51ea659af71ca5d5df44b5ba46a13c9140ded4
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3F822974609340ABEB14CF24D880B2FBBE2EBD6754F28C92CE18987291D779DC41DB56
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1454134308.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_400000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
• API ID: InitializeThunk
• String ID: ,)*k$I,~M
• API String ID: 2994545307-936430989
• Opcode ID: 6e5cbd4c0569671f9ac2a4ffa403741c4e36febb6378435fdd9cada9aaa80cb0
• Instruction ID: 1bde8819f6f7b7dbc416330df06e5e5b0ea208d0a860aecc15c429cbd1f7d48d
• Opcode Fuzzy Hash: 6e5cbd4c0569671f9ac2a4ffa403741c4e36febb6378435fdd9cada9aaa80cb0
• Instruction Fuzzy Hash: FF8248746093405BD724CF24D890BAFBBE2EBC6714F28892DE4C547392D679DC92CB4A
Strings
Memory Dump Source
• Source File: 00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_760000_ZxSWvC0Tz7.jbxd
Yara matches
Similarity
• API ID:
• String ID: 0$8
• API String ID: 0-46163386
• Opcode ID: 1f5ddf3591017bac3152340072b73a16e36c3305254729570d47587b87dca0fe
• Instruction ID: 7cb395f76184ea5ac3bde8475a14caac6b6f7357e42c35863de0955fbfe420ba
• Opcode Fuzzy Hash: 1f5ddf3591017bac3152340072b73a16e36c3305254729570d47587b87dca0fe
• Instruction Fuzzy Hash: 317248716087419FD714CF18C890BABBBE1BF98314F14892DF98A8B391D379D948DB92
Strings
Memory Dump Source
• Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.1454134308.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_ZxSWvC0Tz7.jbxd
Yara matches
Similarity
• API ID:
• String ID: 0$8
• API String ID: 0-46163386
• Opcode ID: 4a1679b1ec6b189f795d9c5b02610133d219a386716e0426a2a93a15927b1180
• Instruction ID: 609250a14e22a90349541087af7877dc8bc6450c5d92d768f7b92ab3cc153af1
• Opcode Fuzzy Hash: 4a1679b1ec6b189f795d9c5b02610133d219a386716e0426a2a93a15927b1180
• Instruction Fuzzy Hash: 7D7213716087409FD714CF18C880BABBBE1AF88314F14892EF9999B391D379D948DF96
APIs
Strings
Memory Dump Source
• Source File: 00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_760000_ZxSWvC0Tz7.jbxd
Yara matches
Similarity
• API ID: Uninitialize
• String ID: PT
• API String ID: 3861434553-4135314810
• Opcode ID: 2838c07cfca04fbe2cabb14719c9c0661598261e54099377b9e0bd013184ce3a
• Instruction ID: 3a19bc081dd2c48ed0add718ed0741fc7e8bce676b13daf0193c25830280062d
• Opcode Fuzzy Hash: 2838c07cfca04fbe2cabb14719c9c0661598261e54099377b9e0bd013184ce3a
• Instruction Fuzzy Hash: 21A1B1B85087818FD7268F29C490A62BFE1EF57300B19969CC8D24FBA6D339D805CB15
APIs
Strings
Memory Dump Source
• Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.1454134308.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_ZxSWvC0Tz7.jbxd
Yara matches
Similarity
• API ID: Uninitialize
• String ID: PT
• API String ID: 3861434553-4135314810
• Opcode ID: 2838c07cfca04fbe2cabb14719c9c0661598261e54099377b9e0bd013184ce3a
• Instruction ID: 75a7993a4975897b3fffe1a5d6229db9520caabe5b699855c7cd795a636d0404
• Opcode Fuzzy Hash: 2838c07cfca04fbe2cabb14719c9c0661598261e54099377b9e0bd013184ce3a
• Instruction Fuzzy Hash: 68A1C0B4508B818FD326CF69C490A22BFE1EF57300B1996ADC4D25F7A6D339E806CB55
Strings
Memory Dump Source
• Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.1454134308.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_ZxSWvC0Tz7.jbxd
Yara matches
Similarity
• API ID:
• String ID: "*B$B*B
• API String ID: 0-3938277345
• Opcode ID: ca0737ad3b4449c2b88f5e3ab455cb045f7dc09c4e14c18ef94007a83bd96a02
• Instruction ID: c0ff169c622c87bee100c6609ea31c9af3570951461718032b7520edbb3c94ef
• Opcode Fuzzy Hash: ca0737ad3b4449c2b88f5e3ab455cb045f7dc09c4e14c18ef94007a83bd96a02
• Instruction Fuzzy Hash: 53421276A00211DFCB18CF68DC90AAEB7B2FF49310F598179E905AB395D734AD11CB84
Strings
Memory Dump Source
• Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.1454134308.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_ZxSWvC0Tz7.jbxd
Yara matches
Similarity
• API ID:
• String ID: .$kl
• API String ID: 0-2631956018
• Opcode ID: d144eace9ea77f902bcb9140e81b2a0528f571a57748096d515ff42ca28c8b60
• Instruction ID: 6e525d0f0299ed0e456b3adafb39e2bcab09d4ef44449d93680b2b5d8b67f0fb
• Opcode Fuzzy Hash: d144eace9ea77f902bcb9140e81b2a0528f571a57748096d515ff42ca28c8b60
• Instruction Fuzzy Hash: 1FE1173A218709CBCB189F78EC5127A73F1FF4A741F4A887DD8818B2A1E7B99950C714
Strings
Memory Dump Source
• Source File: 00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_760000_ZxSWvC0Tz7.jbxd
Yara matches
Similarity
• API ID:
• String ID: BE$de
• API String ID: 0-1272349043
• Opcode ID: 4d61e13fd748368ac6030c890ff82cb0220032c3e56c3c983d389722b1fc0e45
• Instruction ID: 56a6b2b841a300b207813dbce6bc5134fb03d11aa63b8228a1bfd5e65d0f184c
• Opcode Fuzzy Hash: 4d61e13fd748368ac6030c890ff82cb0220032c3e56c3c983d389722b1fc0e45
• Instruction Fuzzy Hash: 80D11A7165C3548BD724DF2888516AFFBE2EFC6304F18492CE8D29B391D679C906CB92
Strings
Memory Dump Source
• Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.1454134308.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_ZxSWvC0Tz7.jbxd
Yara matches
Similarity
• API ID:
• String ID: BE$de
• API String ID: 0-1272349043
• Opcode ID: 4d61e13fd748368ac6030c890ff82cb0220032c3e56c3c983d389722b1fc0e45
• Instruction ID: 2d7de7b673e5cb152189fb1770f850f450cdad5ace7171a4f245c8b9200c7c18
• Opcode Fuzzy Hash: 4d61e13fd748368ac6030c890ff82cb0220032c3e56c3c983d389722b1fc0e45
• Instruction Fuzzy Hash: 2BD1057264C3544BD728DF2888516AFBBE2AFC2304F19492DE8D1AB391D678C916C787
Strings
Memory Dump Source
• Source File: 00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_760000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: )$IEND
                                                                                                                                                                                                                                  • API String ID: 0-707183367
                                                                                                                                                                                                                                  • Opcode ID: 77fecbe1ae68033b4a8663d8c056a40f5f9b3b2dca52a2b3e7224ada374ec122
                                                                                                                                                                                                                                  • Instruction ID: a6268efec305f6bf58b2c090de52c65259a9f482267aa66e2265b1ff0a49e9ef
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 77fecbe1ae68033b4a8663d8c056a40f5f9b3b2dca52a2b3e7224ada374ec122
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 32D18DB1908344AFE720DF14C845B5BBBE4AF95304F14892DFD9A9B381D779E908CB92
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1454134308.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_400000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: +oQ$?{;}
                                                                                                                                                                                                                                  • API String ID: 0-1414831546
                                                                                                                                                                                                                                  • Opcode ID: 1ee29228f1a6319e217c168091de010b371413e67c26b3c1ec204d280338f3ea
                                                                                                                                                                                                                                  • Instruction ID: f7e0cf01948a060ca3ae4ae96257901d3d9473cfc3be429b8585dccf822635a3
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1ee29228f1a6319e217c168091de010b371413e67c26b3c1ec204d280338f3ea
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BCB1BFB4E043189FEB20DF68D942B9EBBB0FB45304F1081ADE158AB381D7758946CF96
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_760000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: Fg$RU]l
                                                                                                                                                                                                                                  • API String ID: 0-3680832515
                                                                                                                                                                                                                                  • Opcode ID: 212695677cf782d22b69bcc5005693ffe3c19f735568b368facab7bd000f874a
                                                                                                                                                                                                                                  • Instruction ID: 89273e5430aff34ac032f470643b490bd4b4c665e0c07d1b101661318d71bd88
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 212695677cf782d22b69bcc5005693ffe3c19f735568b368facab7bd000f874a
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F271E67125D3C08BE7798F24C8657EABBD2EBD2314F18896DD0D947292DB39440ACB12
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1454134308.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_400000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: Fg$RU]l
                                                                                                                                                                                                                                  • API String ID: 0-3680832515
                                                                                                                                                                                                                                  • Opcode ID: 2cdefad0313fa6e4cc5bdb883f2834b1e6d918137519908ea04b1d30e5e067f0
                                                                                                                                                                                                                                  • Instruction ID: 6f8db59bce85ef316af4e5eced37d01641f7d5c841364d3efc2c21db6cf2a903
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2cdefad0313fa6e4cc5bdb883f2834b1e6d918137519908ea04b1d30e5e067f0
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2171087120D3808BE7398F25D8A57EB7BD2EBD2304F58996DC0C987392DB78440ACB56
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1454134308.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_400000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: O28+$h
                                                                                                                                                                                                                                  • API String ID: 0-657163135
                                                                                                                                                                                                                                  • Opcode ID: 8dd85ae810d5b5fecc68ec4464ee5e33d050158683b23acf0f2d06bcda51bc6b
                                                                                                                                                                                                                                  • Instruction ID: 943cae955c8ebe7c4b26d457fd1afafbf5e793f4316e69c7cecf830d1c43eab0
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8dd85ae810d5b5fecc68ec4464ee5e33d050158683b23acf0f2d06bcda51bc6b
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B561BE32B887258BD3149A38A8901B7F791EB55350F88473EDD96873C2E63C9D09C3DA
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_760000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: @$ihgf
                                                                                                                                                                                                                                  • API String ID: 0-73152791
                                                                                                                                                                                                                                  • Opcode ID: f9d2302128f83c98de01ee7664bc871aec8e86cdf99c8f751253d6371e8ab131
                                                                                                                                                                                                                                  • Instruction ID: 595ad9b0ea7decbf1bb4f4225707555b56455a31e25d85494e84a6148b3859f4
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f9d2302128f83c98de01ee7664bc871aec8e86cdf99c8f751253d6371e8ab131
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 584125B1A043018BDF15CF24D85267BB7B6FF92318F14862CE4869B291E7399805CBC6
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1454134308.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_400000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                                                                  • String ID: @$ihgf
                                                                                                                                                                                                                                  • API String ID: 2994545307-73152791
                                                                                                                                                                                                                                  • Opcode ID: b76e2e665ab3f88f5f7ecfe080de7e118712eda281a429bd95dd341074e0adb8
                                                                                                                                                                                                                                  • Instruction ID: cc847ee4b474d0efd8a0440ac8e8375c275344d67ffd0b73ceeb6cce142f8bff
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b76e2e665ab3f88f5f7ecfe080de7e118712eda281a429bd95dd341074e0adb8
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6D413AB1A043018BD714CF24D89277BB7A1FFCA318F14952DD489AB391E739E915C78A
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_760000_ZxSWvC0Tz7.jbxd
Yara matches
Similarity
• API ID:
• String ID: Z\$^P
• API String ID: 0-3724859648
• Opcode ID: 4f7f96cc206f4a51d8ad8bab145ebd28e0a9ebd1b083b1ab060fd53171580dc2
• Instruction ID: 496dc59125ddd06c443293f6c20cd04f6397ebffead449a8d820f36320939d83
• Opcode Fuzzy Hash: 4f7f96cc206f4a51d8ad8bab145ebd28e0a9ebd1b083b1ab060fd53171580dc2
• Instruction Fuzzy Hash: 394113B1A11A00CFCB18CF24C892A62B7B2FF49354B06C69CD49B8F760E778E911CB15
Strings
Memory Dump Source
• Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.1454134308.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_ZxSWvC0Tz7.jbxd
Yara matches
Similarity
• API ID:
• String ID: AzB$`rB
• API String ID: 0-365317308
• Opcode ID: 7d44a20d46df19d3b9013d5ff9cf62f4e3051a7763f9fbf866a5162179f586f0
• Instruction ID: 6eccde100400f429e4c459893b2eae1b4256d2ec662aaeb68cc10dd30f14b8df
• Opcode Fuzzy Hash: 7d44a20d46df19d3b9013d5ff9cf62f4e3051a7763f9fbf866a5162179f586f0
• Instruction Fuzzy Hash: 44118BB960C3919FC3049F29D59011BFBE0ABD5708F54DA6CE8C96B312D338DA018B8A
Strings
Memory Dump Source
• Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.1454134308.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_ZxSWvC0Tz7.jbxd
Yara matches
Similarity
• API ID:
• String ID: AzB$`rB
• API String ID: 0-365317308
• Opcode ID: d52ee1f8136c3b98c0a9c934921d80b1beb3214e8eb7b5d6a7a040de55795b14
• Instruction ID: f6425de8d121e4265380cb8b8556ee32d0ff2cc323f56d540e3951a84df8493e
• Opcode Fuzzy Hash: d52ee1f8136c3b98c0a9c934921d80b1beb3214e8eb7b5d6a7a040de55795b14
• Instruction Fuzzy Hash: 810169B520D3919FC3049F29D59011BFBE0BBD5708F549A6CE8C96B312D334DA418B4A
Strings
Memory Dump Source
• Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.1454134308.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_ZxSWvC0Tz7.jbxd
Yara matches
Similarity
• API ID:
• String ID: c$
• API String ID: 0-2516980088
• Opcode ID: d3ebbaef30565196f274c8e89b57c4db92bba8447b693202f34b7e37aa6ab2c1
• Instruction ID: 8ddf10d90ef0e2d4ef8b1445a283de62437e0b874c2761f734db7318cd05b52d
• Opcode Fuzzy Hash: d3ebbaef30565196f274c8e89b57c4db92bba8447b693202f34b7e37aa6ab2c1
• Instruction Fuzzy Hash: 2F6205742087418FD7258F28C8907A7BBF2FF5A310F19866DD4964B792D338E846CB58
Strings
Memory Dump Source
• Source File: 00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_760000_ZxSWvC0Tz7.jbxd
Yara matches
Similarity
• API ID:
• String ID: f
• API String ID: 0-1993550816
• Opcode ID: 63a83f5a27331d9fe3a04257bda5fcaf30bc217a6dc898aca3077588f1bd9e28
• Instruction ID: 00d71774006cbc800b8e1342c32fbd70e0072c17c74e37806da8435682e64bab
• Opcode Fuzzy Hash: 63a83f5a27331d9fe3a04257bda5fcaf30bc217a6dc898aca3077588f1bd9e28
• Instruction Fuzzy Hash: 0D22F3756093419FEB14CF29D880B2BBBE2BBD5314F188A2CE5D587391DB78D805CB92
Strings
Memory Dump Source
• Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.1454134308.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_ZxSWvC0Tz7.jbxd
Yara matches
Similarity
• API ID: InitializeThunk
• String ID: f
• API String ID: 2994545307-1993550816
• Opcode ID: b46a8015aa8989e18fcfc994abe159656f3f5075906cadacb80bce7823f6c0cd
• Instruction ID: c6061003a35e321c419c30bd02a3c4e1c0b56f4f8cbc670ef9e4360bbe252bef
• Opcode Fuzzy Hash: b46a8015aa8989e18fcfc994abe159656f3f5075906cadacb80bce7823f6c0cd
• Instruction Fuzzy Hash: 7722EF756083518FD718CF25C880A2BBBE2BBC9314F199A2DE4D587391DBB4EC06CB46
Strings
Memory Dump Source
• Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.1454134308.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_ZxSWvC0Tz7.jbxd
Yara matches
Similarity
• API ID:
• String ID: A67H
• API String ID: 0-3389657328
• Opcode ID: 8cecec2cc2e6e176e845aa1397af3039d5d67745fd03e8a435e279ebfdfa12b2
• Instruction ID: 0278bb419d5cbe6ad6e5f6493e2644ba58dfc9cb1efb87832400374d385c740d
• Opcode Fuzzy Hash: 8cecec2cc2e6e176e845aa1397af3039d5d67745fd03e8a435e279ebfdfa12b2
• Instruction Fuzzy Hash: A81225B4604601DFC724CF28D891767B7E2FF5A314F15892DE4AA87792D738E882CB58
Strings
Memory Dump Source
• Source File: 00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_760000_ZxSWvC0Tz7.jbxd
Yara matches
Similarity
• API ID:
• String ID: [
• API String ID: 0-3878419350
• Opcode ID: 5eb09604ed9747dca5d4520930199d487a8f62beec0cfa78d34f9f01c84922a2
• Instruction ID: 87f0cb8630fee973073e6a00c7df3ee51172347ef016125e7d612a4f8cb0a9a6
• Opcode Fuzzy Hash: 5eb09604ed9747dca5d4520930199d487a8f62beec0cfa78d34f9f01c84922a2
• Instruction Fuzzy Hash: E7022075601702CBCB24CF29C8D1662B7F2FF96354B19C59CC58A4BBA5EB39E812CB50
Strings
Memory Dump Source
• Source File: 00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_760000_ZxSWvC0Tz7.jbxd
Yara matches
Similarity
• API ID:
• String ID: ,)*k
• API String ID: 0-1228391949
• Opcode ID: 81a23c36fe8827921ec37ff3d571e3748504ad247d1e8451f876af876380c648
• Instruction ID: fbb9dc818e58c9a39501794fa85de263f51a772f32779f2b39c36ec502e531ee
• Opcode Fuzzy Hash: 81a23c36fe8827921ec37ff3d571e3748504ad247d1e8451f876af876380c648
• Instruction Fuzzy Hash: 19C16875A1C3109BDB28DF24E884A3FBBE2ABD6714F188A2CF58557691D739DC00C792
Strings
Memory Dump Source
• Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.1454134308.0000000000452000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_400000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                                                                  • String ID: ,)*k
                                                                                                                                                                                                                                  • API String ID: 2994545307-1228391949
                                                                                                                                                                                                                                  • Opcode ID: ee2511f57d07ddc5dcb30b837298e4dd3a8f37d85f1e3bd68ab8ff00062e0fa2
                                                                                                                                                                                                                                  • Instruction ID: bb41e8b13f176b197a8e10d4dde50fa6e0ce8ca76c9034d38a3517968bb0ad29
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ee2511f57d07ddc5dcb30b837298e4dd3a8f37d85f1e3bd68ab8ff00062e0fa2
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F4C15A75A083116FD724DF21D881A2BB7E2ABDE704F16AA2EE5C553781D638DC04C78A
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1454134308.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_400000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: m
                                                                                                                                                                                                                                  • API String ID: 0-3775001192
                                                                                                                                                                                                                                  • Opcode ID: 06c799813fc5a4d2ee9ed489dbc55438d2506092defca999b9944da2a72204aa
                                                                                                                                                                                                                                  • Instruction ID: 244b2cefeb1f5bc2c232bbf8925c55c2a37160be3d0d910679bc8471d4ecd8fe
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 06c799813fc5a4d2ee9ed489dbc55438d2506092defca999b9944da2a72204aa
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C6D134B5A093109FC320DF24D89126FB7A2EF96304F49492EE9D587352EB38D905CB96
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_760000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: .
                                                                                                                                                                                                                                  • API String ID: 0-1505114982
                                                                                                                                                                                                                                  • Opcode ID: 2c1d9dc035ef9ac2c180075a27f0a445723f05ffce5a25362c8fe712cfd5ed31
                                                                                                                                                                                                                                  • Instruction ID: 4d453d8129057d3f589e7f836ddcf1bc01a686630fab3d44511615c751c56db8
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2c1d9dc035ef9ac2c180075a27f0a445723f05ffce5a25362c8fe712cfd5ed31
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9EC128B1D00215CBCB25CF29C8526BBB7B1FF99350F19C25DD899AB790E738A841CB90
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_760000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: 167H
                                                                                                                                                                                                                                  • API String ID: 0-2704650348
                                                                                                                                                                                                                                  • Opcode ID: 58de4fbba54e7a4bbde6691defe3cface4003d97f8efe76fd78e15d75b2f64aa
                                                                                                                                                                                                                                  • Instruction ID: c590db2e1d702407b7201aac1930a18297742b3da7a4011468c9552d674b1720
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 58de4fbba54e7a4bbde6691defe3cface4003d97f8efe76fd78e15d75b2f64aa
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E7D19B726847048BD718EF288C816ABB792EFD5310F19862CE9858B3C1E73DDD098786
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1454134308.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_400000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                                                                  • String ID: 167H
                                                                                                                                                                                                                                  • API String ID: 2994545307-2704650348
                                                                                                                                                                                                                                  • Opcode ID: 3f7913c2959e065ee0aa93dc333931d67ae9576e316e456e6394b25aa21ac57b
                                                                                                                                                                                                                                  • Instruction ID: bf2ece600eee686df0bdf1c423ff2d06ad0eddb47c6a63d29c729e7fd306df6e
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3f7913c2959e065ee0aa93dc333931d67ae9576e316e456e6394b25aa21ac57b
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 35D19932B147244BD714CF25A8816BBB792EBD5314F99862EE885973C1E7389D05838A
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1454134308.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_400000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: .
                                                                                                                                                                                                                                  • API String ID: 0-1505114982
                                                                                                                                                                                                                                  • Opcode ID: 8f11379e9f5da3686c670748926b93a19e55d1189e69eb2577bbd794f9e5e048
                                                                                                                                                                                                                                  • Instruction ID: 5388aebb9722ef47512ed6758712c035957564ba8f43e3dcaa493907b87915b9
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8f11379e9f5da3686c670748926b93a19e55d1189e69eb2577bbd794f9e5e048
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5FC12AB5D40212CBCB24CF69CC916BBB7B1FF95310F19825DD896AB390E738A841CB94
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1454134308.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_400000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: H
                                                                                                                                                                                                                                  • API String ID: 0-2852464175
                                                                                                                                                                                                                                  • Opcode ID: f90cc14d5b1d07471296a569d27c41b333f7458cf0fcf530a90d726fe5722012
                                                                                                                                                                                                                                  • Instruction ID: 0c29c4f326a3360d4f83cd19facfb249d1e6e8dcfa8d7f8eb9091c930c4cf0c7
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f90cc14d5b1d07471296a569d27c41b333f7458cf0fcf530a90d726fe5722012
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 69D17634B05254CFDB14CF78E8D16AEBBB2AF1A310F6841BDE5519B392CB384906CB59
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_760000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: &#
                                                                                                                                                                                                                                  • API String ID: 0-1789715784
Strings
Memory Dump Source
• Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.1454134308.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_ZxSWvC0Tz7.jbxd
Yara matches
Similarity
• API ID:
• String ID: &#
• API String ID: 0-1789715784
Strings
Memory Dump Source
• Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.1454134308.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_ZxSWvC0Tz7.jbxd
Yara matches
Similarity
• API ID:
• String ID: .
• API String ID: 0-1505114982
Strings
Memory Dump Source
• Source File: 00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_760000_ZxSWvC0Tz7.jbxd
Yara matches
Similarity
• API ID:
• String ID: -
• API String ID: 0-2547889144
Strings
Memory Dump Source
• Source File: 00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_760000_ZxSWvC0Tz7.jbxd
Yara matches
Similarity
• API ID:
• String ID: de
• API String ID: 0-2106599819
Strings
Memory Dump Source
• Source File: 00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_760000_ZxSWvC0Tz7.jbxd
Yara matches
Similarity
• API ID:
• String ID: ~
• API String ID: 0-1707062198
Strings
Memory Dump Source
• Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.1454134308.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_ZxSWvC0Tz7.jbxd
Yara matches
Similarity
• API ID:
• String ID: ~
• API String ID: 0-1707062198
Strings
Memory Dump Source
• Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.1454134308.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_ZxSWvC0Tz7.jbxd
Yara matches
Similarity
• API ID:
• String ID: RpB
• API String ID: 0-664042118
Strings
Memory Dump Source
• Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.1454134308.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_ZxSWvC0Tz7.jbxd
Yara matches
Similarity
• API ID:
• String ID: d1
• API String ID: 0-4211392460
                                                                                                                                                                                                                                  • Opcode ID: 3abdf2bcb45d9466dd71f56e8b033396586f3e76f733206a88a727156f1065f4
                                                                                                                                                                                                                                  • Instruction ID: 74c04020a71521c8b9984734295d0b81cdc6df3862d17ec890c7cf8b211da757
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3abdf2bcb45d9466dd71f56e8b033396586f3e76f733206a88a727156f1065f4
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 409112B5618200DFD714DF24E881A7BB7A0FB8A705F84593EF48693361DB38C9158B4A
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_760000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: cdef
                                                                                                                                                                                                                                  • API String ID: 0-4216504194
                                                                                                                                                                                                                                  • Opcode ID: 6cfb0631b4c3af94e0a4d7ca533938db559d7b6d0bfe02f92feebc81ba876585
                                                                                                                                                                                                                                  • Instruction ID: 90d6a741908ee823f0bba084c054921c86405aa41893afbc6df93541b77a2f87
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6cfb0631b4c3af94e0a4d7ca533938db559d7b6d0bfe02f92feebc81ba876585
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D4816675B083508FCB24CF24E89196BBBE1EFD6710F198A2CE99557391D739AC01C792
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1454134308.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_400000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                                                                  • String ID: cdef
                                                                                                                                                                                                                                  • API String ID: 2994545307-4216504194
                                                                                                                                                                                                                                  • Opcode ID: d9e8f1ee42311986f1eec1db1d15d5cb27079d05f35c354e80ab23b15ff2b9d0
                                                                                                                                                                                                                                  • Instruction ID: d704160fc5b89d86d9794d8a66ae716d782a0973953182dc9c1641cf0cee7e05
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d9e8f1ee42311986f1eec1db1d15d5cb27079d05f35c354e80ab23b15ff2b9d0
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 30815471A083108FC718DF24E88096BBBA2EFDA310F19993DE9D557352C735AC05C786
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_760000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: gfff
                                                                                                                                                                                                                                  • API String ID: 0-1553575800
                                                                                                                                                                                                                                  • Opcode ID: c5d9ff75fed77c201b8d14b3cc3b758706ca82fef0a51ed8aa8899dc59fb4eb5
                                                                                                                                                                                                                                  • Instruction ID: f63ca229dbb9802ef83173f1acad6965cce6b572e72f8a26f7e168be59f7ace0
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c5d9ff75fed77c201b8d14b3cc3b758706ca82fef0a51ed8aa8899dc59fb4eb5
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8A91F371614B428FD718CF38C891BA6B7D2FB86314F18C57DD49ACB7A6DA78A442C740
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_760000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: c$
                                                                                                                                                                                                                                  • API String ID: 0-2516980088
                                                                                                                                                                                                                                  • Opcode ID: bc3c15472f07d559a5396f8094059b7ab067923e86a285eaa48d66e2478d2574
                                                                                                                                                                                                                                  • Instruction ID: 42c68d82e6d5ecda803557799509d3d352dc0cfd2408c092d9150bbfab18b244
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: bc3c15472f07d559a5396f8094059b7ab067923e86a285eaa48d66e2478d2574
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FB918AB0105741CFEB688F29C4A4762BBB1FF46314F15958CC48A4FBA1E379A846CB95
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_760000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: Fg
                                                                                                                                                                                                                                  • API String ID: 0-875302535
                                                                                                                                                                                                                                  • Opcode ID: 42a71ed4ddc16415858e4dfc4422956aad04ddc95995e0a2601de5add053e1e2
                                                                                                                                                                                                                                  • Instruction ID: 5558b141c0349d73d1cb65c326526d74f7c001a71fe251d1d8f0414ecf36ac1f
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 42a71ed4ddc16415858e4dfc4422956aad04ddc95995e0a2601de5add053e1e2
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7281E77121D3808BD769CF24C8657BBBBD3EBD2304F28896DC1C987292DB39440ACB16
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1454134308.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_400000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: Fg
                                                                                                                                                                                                                                  • API String ID: 0-875302535
                                                                                                                                                                                                                                  • Opcode ID: cec98c6035f8278796335b79b8fe425f66d685e3fc2c40d87c06063720ff0d23
                                                                                                                                                                                                                                  • Instruction ID: 81bd39487229f81fa75b1a19b8121f8c05985a2d1a0f7b16a24bef680633e699
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cec98c6035f8278796335b79b8fe425f66d685e3fc2c40d87c06063720ff0d23
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6F81E47121D3808BE768CF25C8657ABBBD2EBD2304F58896DC1C987392DB38440ACB56
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_760000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: ,
                                                                                                                                                                                                                                  • API String ID: 0-3772416878
                                                                                                                                                                                                                                  • Opcode ID: 735cee050c0adee449850ba2ce1bb04225bd749ef176fa0d293106b9e62c3734
                                                                                                                                                                                                                                  • Instruction ID: 181d6949988fb18407a9c40a7645f393b2d50cfc0fea934749bb8740d3cf0184
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 735cee050c0adee449850ba2ce1bb04225bd749ef176fa0d293106b9e62c3734
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 63B149701093859FC325CF18C99061BFBE0AFA9704F444A2DE5D997342D635EA18CBA7
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1454134308.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_ZxSWvC0Tz7.jbxd
Yara matches
Similarity
• API ID:
• String ID: ,
• API String ID: 0-3772416878
• Opcode ID: 735cee050c0adee449850ba2ce1bb04225bd749ef176fa0d293106b9e62c3734
• Instruction ID: 6b9defcb35fa499ff27616791264c6e5e8496363bec20089c87d7e70d31ec12b
• Opcode Fuzzy Hash: 735cee050c0adee449850ba2ce1bb04225bd749ef176fa0d293106b9e62c3734
• Instruction Fuzzy Hash: 72B136701087819FC321CF18C88061BBBE0AFA9704F444E6EF5D997382D635E918CBA7
Strings
Memory Dump Source
• Source File: 00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_760000_ZxSWvC0Tz7.jbxd
Yara matches
Similarity
• API ID:
• String ID: js{g
• API String ID: 0-1014319796
• Opcode ID: 2bedd816319602fe80fa94cf924704a6c11e2863fdffa8fa3602250936590e55
• Instruction ID: 92c7c0805be1de33ad016bf57bcb62ed264c921dd7baaa0619ef90b7d2e89975
• Opcode Fuzzy Hash: 2bedd816319602fe80fa94cf924704a6c11e2863fdffa8fa3602250936590e55
• Instruction Fuzzy Hash: D2813571255B804BEB398F35C8617ABBBE2AB52718F08895CD5C39BF85C778E406CB10
Strings
Memory Dump Source
• Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.1454134308.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_ZxSWvC0Tz7.jbxd
Yara matches
Similarity
• API ID:
• String ID: js{g
• API String ID: 0-1014319796
• Opcode ID: 9c18fcfdf183d3e6e2325b026543344db9fcf0b9b7ccceb31fbfaeb5f3b5c64c
• Instruction ID: 14be18684298a51b6f1365b8eea6b5aba3066a4a8cfe6059be97ad669d3f7baa
• Opcode Fuzzy Hash: 9c18fcfdf183d3e6e2325b026543344db9fcf0b9b7ccceb31fbfaeb5f3b5c64c
• Instruction Fuzzy Hash: FF815671650B804BE7398F35C8517ABBBE2AB56718F08895DD4D39BB85C378E406CB44
Strings
Memory Dump Source
• Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.1454134308.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_ZxSWvC0Tz7.jbxd
Yara matches
Similarity
• API ID: InitializeThunk
• String ID: gfff
• API String ID: 2994545307-1553575800
• Opcode ID: edeab19d381afadd31cc405ebd905f0fbf719b22c328d17ebe50dae378019542
• Instruction ID: c6a45f7a1688543314b9a3a30fef6f223fff4d1289bb41df6adbe344278a34bf
• Opcode Fuzzy Hash: edeab19d381afadd31cc405ebd905f0fbf719b22c328d17ebe50dae378019542
• Instruction Fuzzy Hash: 0F81D2717147418FD325CB39CC50BA6BBE2AB95308F18C57ED096CB7A6EA78A842C744
Strings
Memory Dump Source
• Source File: 00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_760000_ZxSWvC0Tz7.jbxd
Yara matches
Similarity
• API ID:
• String ID: ihgf
• API String ID: 0-2948842496
• Opcode ID: eef0a356b23e55d2308e20bed1a6a7dcd73da6f3f0547914f9e2b30739e3ef6c
• Instruction ID: 94d309218e96f68bda0412514f23afad86c7b4ceed8f756a4e8c200740534673
• Opcode Fuzzy Hash: eef0a356b23e55d2308e20bed1a6a7dcd73da6f3f0547914f9e2b30739e3ef6c
• Instruction Fuzzy Hash: 7981C3746042019FDB24DF28D881A6BB7F2EFD9314F15852CE5848B3A1EB35EC51CB42
Strings
Memory Dump Source
• Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.1454134308.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_ZxSWvC0Tz7.jbxd
Yara matches
Similarity
• API ID: InitializeThunk
• String ID: ihgf
• API String ID: 2994545307-2948842496
• Opcode ID: 1de35141843d01284fbd49b4b94197a3011845f6d285c59de9b2ec666c4b6e9d
• Instruction ID: 39294a001ccb7b60b57bd072fead094b817a0247c43ae1e4845dbb8435dacfda
• Opcode Fuzzy Hash: 1de35141843d01284fbd49b4b94197a3011845f6d285c59de9b2ec666c4b6e9d
• Instruction Fuzzy Hash: 5B81C274A04201AFD714CF28E881A6BB7F2FF99314F15A52DE5858B3A1DB35EC11CB46
Strings
Memory Dump Source
• Source File: 00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_760000_ZxSWvC0Tz7.jbxd
Yara matches
Similarity
• API ID:
• String ID: gfff
• API String ID: 0-1553575800
• Opcode ID: de86720abe9662384bfc4389f4b275199587a53d7c35c6b33b3c21993df62823
• Instruction ID: e40412c977f762ad3712a86791533f8bca98d65d01c17b466948ee2404f91765
• Opcode Fuzzy Hash: de86720abe9662384bfc4389f4b275199587a53d7c35c6b33b3c21993df62823
• Instruction Fuzzy Hash: 2671D371704B418FD719CF39C890766BBD2AB96314F18C57DC49ACB7A6EA78E842C740
Strings
Memory Dump Source
• Source File: 00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_760000_ZxSWvC0Tz7.jbxd
Yara matches
Similarity
• API ID:
• String ID: "
• API String ID: 0-123907689
• Opcode ID: 08379c2cfec4ee4560f7149afc2674de524dbb751cb7c6d8c58db735b762b861
• Instruction ID: fea64684a224922b9e84ffc992c499190d331ce9f4c110534fba032a24dc4c0e
• Opcode Fuzzy Hash: 08379c2cfec4ee4560f7149afc2674de524dbb751cb7c6d8c58db735b762b861
• Instruction Fuzzy Hash: 9C71F732B88355ABE715DE2CC88031EBBE2ABC5710F29C52FE49497395E239DC459743
Strings
Memory Dump Source
• Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.1454134308.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_ZxSWvC0Tz7.jbxd
Yara matches
Similarity
• API ID:
• String ID: "
• API String ID: 0-123907689
• Opcode ID: 08379c2cfec4ee4560f7149afc2674de524dbb751cb7c6d8c58db735b762b861
• Instruction ID: 4b2f630bb6a68757ad0504ce5be77257e5761d12b45ca5ba0373d51c8e5240e3
• Opcode Fuzzy Hash: 08379c2cfec4ee4560f7149afc2674de524dbb751cb7c6d8c58db735b762b861
• Instruction Fuzzy Hash: 22710532B083259BD714CE28E88431BB7E2ABC5710F99852EEC948B391D379DC55878B
Strings
Memory Dump Source
• Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.1454134308.0000000000452000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_400000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: DB
                                                                                                                                                                                                                                  • API String ID: 0-3908451873
                                                                                                                                                                                                                                  • Opcode ID: 0ddf0731ddfeaa883e7311870e36d02f96856f6d12ce1652dd7f7008e8803fec
                                                                                                                                                                                                                                  • Instruction ID: 63fe74dcdf674bdd3faef37b2e0283437cd793175f1af46cf0498e51130e9ee1
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0ddf0731ddfeaa883e7311870e36d02f96856f6d12ce1652dd7f7008e8803fec
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A381B67AF04225CBCB18CF64D8905AEB7B2FFDA710F59806AC841AB355DB349D42CB54
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1454134308.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_400000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: LB
                                                                                                                                                                                                                                  • API String ID: 0-539997225
                                                                                                                                                                                                                                  • Opcode ID: d02495da20a3f8a7219353459d550f72d20704d827e4251e17801bf690faaf74
                                                                                                                                                                                                                                  • Instruction ID: 190c79d128488961cfb389f9b0ffad8fedd0031ada35975bf34f4c17adb32e46
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d02495da20a3f8a7219353459d550f72d20704d827e4251e17801bf690faaf74
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D1618E31B412228BDB18CF29E8A12FBFBE2EF91310B58466ED4574B3C1D7389941D799
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_760000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: Y*>
                                                                                                                                                                                                                                  • API String ID: 0-3862480330
                                                                                                                                                                                                                                  • Opcode ID: 22b3804befe7f91e84aca949ffb80fce2ed22dd13d93b44656185de14de2ea60
                                                                                                                                                                                                                                  • Instruction ID: 9af25a47963ef0bdcaece9cb0fc3a918ebc167128b10bf379b39f9d44709e6d8
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 22b3804befe7f91e84aca949ffb80fce2ed22dd13d93b44656185de14de2ea60
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2D510A33B599814BDB2CC93C5C222AA6A934BDA274B3DC7BAD4B9CB3E5D5794C054340
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1454134308.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_400000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: Y*>
                                                                                                                                                                                                                                  • API String ID: 0-3862480330
                                                                                                                                                                                                                                  • Opcode ID: 22b3804befe7f91e84aca949ffb80fce2ed22dd13d93b44656185de14de2ea60
                                                                                                                                                                                                                                  • Instruction ID: 90e50e1672eaf7fe8d97f2f09bdb4033b3ef25f85dbdb073c688402916a0328e
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 22b3804befe7f91e84aca949ffb80fce2ed22dd13d93b44656185de14de2ea60
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4C510573F499814BD72C893C5C223EAAA834BD6234B2DD77BE4B2CB3E4D5698C464345
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_760000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: m
                                                                                                                                                                                                                                  • API String ID: 0-3775001192
                                                                                                                                                                                                                                  • Opcode ID: 41b4e45d489525032a7ff55d2696e510600e92b2c3d7551ddfae36ad8bd27945
                                                                                                                                                                                                                                  • Instruction ID: 9673d89af42c50cc283e0b8ae20277dd7c7223faaa22364ea60a24ea81aa5317
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 41b4e45d489525032a7ff55d2696e510600e92b2c3d7551ddfae36ad8bd27945
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 695149B19083408FD720EF68849526FBBE1AFD2314F44892DE5D547352EA3DD909CB93
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_760000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: w
                                                                                                                                                                                                                                  • API String ID: 0-2991200456
                                                                                                                                                                                                                                  • Opcode ID: 6ffcd2417d58e0d1efea5a9724b595c411f337b55a8ae22910b9b44be8581fce
                                                                                                                                                                                                                                  • Instruction ID: 9c6dcb306de72a26b8d6a6cd180e7fdb42e6d699e486b283c7b67d787a35cd6f
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6ffcd2417d58e0d1efea5a9724b595c411f337b55a8ae22910b9b44be8581fce
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 864126B6E116258FD704DFA4CC855ABBB72FB84315B0AC1A8C8847B31AD7786D078BD0
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1454134308.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_400000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: w
                                                                                                                                                                                                                                  • API String ID: 0-2991200456
                                                                                                                                                                                                                                  • Opcode ID: 6ffcd2417d58e0d1efea5a9724b595c411f337b55a8ae22910b9b44be8581fce
                                                                                                                                                                                                                                  • Instruction ID: 72f7098589d43736da4273b9d7e3299e197f10f25cbeea51759b9c2434ba13e7
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6ffcd2417d58e0d1efea5a9724b595c411f337b55a8ae22910b9b44be8581fce
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8E4119B6E116558FD704DFA4CC855ABBB72FB88315B1AC1A8C8847B319D77868078BD0
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_760000_ZxSWvC0Tz7.jbxd
Yara matches
Similarity
• API ID:
• String ID: ihgf
• API String ID: 0-2948842496
• Opcode ID: 2b213d4144a63b266ffc054ecdea8f1b716e225e094351901ee27163bfaa7a7b
• Instruction ID: b8a046459e6c72998685c0dffb09656fbaf590693f37393eb99f4080fe12e07c
• Opcode Fuzzy Hash: 2b213d4144a63b266ffc054ecdea8f1b716e225e094351901ee27163bfaa7a7b
• Instruction Fuzzy Hash: 6F310434304300ABEB309F28AC91B3BB7A5EB96714F24452CE58497290D669EC51C656
Strings

Memory Dump Source
• Source File: 00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_760000_ZxSWvC0Tz7.jbxd
Yara matches
Similarity
• API ID:
• String ID: ihgf
• API String ID: 0-2948842496
• Opcode ID: ae411421d2ccc92dd1a2e9f178d6aa2591b1cae486c28fda228ff2e2e7e3843c
• Instruction ID: 05fc3dda4bc190c19706302013b459378ad9ffcf46e7c7e3bcd5c278f8a50790
• Opcode Fuzzy Hash: ae411421d2ccc92dd1a2e9f178d6aa2591b1cae486c28fda228ff2e2e7e3843c
• Instruction Fuzzy Hash: 79310739344305ABEB208B28ED81B3BB7F5EB96714F25452CE68497291D738EC50C656
Strings

Memory Dump Source
• Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.1454134308.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_ZxSWvC0Tz7.jbxd
Yara matches
Similarity
• API ID: InitializeThunk
• String ID: ihgf
• API String ID: 2994545307-2948842496
• Opcode ID: eabeb2773ff9bbc58c6c2f5a50c7ebc9f6505f28b325af4d1c0bf5b4a04395ef
• Instruction ID: 0aea9c019cfcbf9c29137c9c12aa4ed540cc4986b7a763f7409eb823f2adcf13
• Opcode Fuzzy Hash: eabeb2773ff9bbc58c6c2f5a50c7ebc9f6505f28b325af4d1c0bf5b4a04395ef
• Instruction Fuzzy Hash: 9831D474308300AFE7109B249CC1B3BF7A6EB8A718F24692EE584A72D1D665EC10875A
Strings

Memory Dump Source
• Source File: 00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_760000_ZxSWvC0Tz7.jbxd
Yara matches
Similarity
• API ID:
• String ID: dB
• API String ID: 0-2104629891
• Opcode ID: e3ed35eba93c559e2b640e4773887084713877586e1a61965fa59bb2e9adbcdb
• Instruction ID: 88d28f4539103711ef6104adbc4c901a24cbbd6804f5379e7088d630b29811a1
• Opcode Fuzzy Hash: e3ed35eba93c559e2b640e4773887084713877586e1a61965fa59bb2e9adbcdb
• Instruction Fuzzy Hash: 5DA00129A9E6548AD2119F4494927F0F778E31770AF1438289904AB153D196E950864C

Memory Dump Source
• Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.1454134308.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_ZxSWvC0Tz7.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 7351b713fdd79e4b11a44c2f3e170ae42ed99a1303c69a2fe6fdb41bd9a8d7aa
• Instruction ID: d6216dced0a3b9436857ee0068e0dff51503e5ecb223af83f8720e1cf69b390d
• Opcode Fuzzy Hash: 7351b713fdd79e4b11a44c2f3e170ae42ed99a1303c69a2fe6fdb41bd9a8d7aa
• Instruction Fuzzy Hash: F02242B56082009FE7149F24EC41B6B73A2FBDB300F55893EF6C487292DA799C41CB4A

Memory Dump Source
• Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.1454134308.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_ZxSWvC0Tz7.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 5a7678f017f308848797c1ab2fc33ccddf339249d7514e43f7e0819896a5eda0
• Instruction ID: 9c79f7e63c480dd40f7a7ccc60d41b21814d9940eb0dc65dd07d8a453e372cf2
• Opcode Fuzzy Hash: 5a7678f017f308848797c1ab2fc33ccddf339249d7514e43f7e0819896a5eda0
• Instruction Fuzzy Hash: 16120E35204B018FD325CF29C8907A3BBE2EF9A314F19866DD4DA8B795D738E846CB54

Memory Dump Source
• Source File: 00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_760000_ZxSWvC0Tz7.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 2cf22539860d374f1b5b70c1f2b7734314ec6e2843ab381a6f5f63b3db803864
• Instruction ID: efb84c4624aa3cd9a6e0cf9dbff1e5f4952dc28a516a5873224a08a079deb30e
• Opcode Fuzzy Hash: 2cf22539860d374f1b5b70c1f2b7734314ec6e2843ab381a6f5f63b3db803864
• Instruction Fuzzy Hash: 9E52C3715083458FCB15CF29C0906EABBE1BF84318F19866DFC9A5B342D779EA49CB81

Memory Dump Source
• Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.1454134308.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_ZxSWvC0Tz7.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: f327a0c5f2b0a118ee8c59c5edf028faaa79780a4a5ad180d40342e5d0e74a79
• Instruction ID: b7901f3288d9e4572b9bc57ce4c79cacd886df45a950704f10474c7163005246
• Opcode Fuzzy Hash: f327a0c5f2b0a118ee8c59c5edf028faaa79780a4a5ad180d40342e5d0e74a79
• Instruction Fuzzy Hash: CE52F4715083458FCB14CF18C0806AABFE1BF89315F18867EF8996B391D778EA49CB85

Memory Dump Source
• Source File: 00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_760000_ZxSWvC0Tz7.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: f260d4ba8b532cff43b70e0305cc444787dac05339277c8b44483d328b2ca1f5
• Instruction ID: 3dc21d2e5cce773b1050c76bdba7185f85efe63a8750462bd233ab2aa788cd02
• Opcode Fuzzy Hash: f260d4ba8b532cff43b70e0305cc444787dac05339277c8b44483d328b2ca1f5
• Instruction Fuzzy Hash: F352B7B0A087848FEB35CB24C4843A7BBE1BB51314F54492ED9EB46BC2D37DA985C715

Memory Dump Source
• Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.1454134308.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_ZxSWvC0Tz7.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 7b0d0db576f8f4a099c36225a03624d7682871d61e803cbbd0c0fa625a463efe
                                                                                                                                                                                                                                  • Instruction ID: f9402e00db0146810cf529bce4eeb96ef771652ee20e7226bad8efb3fef3d353
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7b0d0db576f8f4a099c36225a03624d7682871d61e803cbbd0c0fa625a463efe
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DA52C7B0A08B848FE735CB24C4843A7BBE1AB51314F15893FD5E716BC2C27DA995C71A
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_760000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 384453c34c44fa10a221719aff1fe9f2af50c5f2060accd689493d508a0f7137
                                                                                                                                                                                                                                  • Instruction ID: 4fa8c5cb5c88a8429a259a810c5479079a3875256b090572b3e07d17b2149137
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 384453c34c44fa10a221719aff1fe9f2af50c5f2060accd689493d508a0f7137
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F5624BB0608B818ED325CF3C8855797BFE5AB5A314F048A5DE0EE873D2C7B96405CB66
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1454134308.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_400000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 384453c34c44fa10a221719aff1fe9f2af50c5f2060accd689493d508a0f7137
                                                                                                                                                                                                                                  • Instruction ID: d272bb6b5d6e2c7a5f0cafe8b1d1f27913d4ef5c9ad92f98558892845c7f91e7
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 384453c34c44fa10a221719aff1fe9f2af50c5f2060accd689493d508a0f7137
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B5625CB0608B818ED325CF3C8855797BFE5AB5A314F048A5DE0EE873D2C7B96405CB66
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_760000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 678ad88440436fc2347c77ec1617077ed1d00620730d0d2d7e6321ebe71b5d32
                                                                                                                                                                                                                                  • Instruction ID: d227def5b29c52e8e5bce3e7eaa8214cd32b826df0d638a50855b08f04f51b3f
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 678ad88440436fc2347c77ec1617077ed1d00620730d0d2d7e6321ebe71b5d32
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8E323370A14B108FC368CF29C59056ABBF1BF55710B644A2EDAA787F90D73AF944CB10
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_760000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: d94ed56ffcdc38c94b90bd9783928bf4a55e001c4d3c4371622baab0c0238d3b
                                                                                                                                                                                                                                  • Instruction ID: b9bc4f8e27fd1fb9b9d608bc44b2b82a399a4a7f8dbb4c8350ffe26c7b06c91c
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d94ed56ffcdc38c94b90bd9783928bf4a55e001c4d3c4371622baab0c0238d3b
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7B02E53260C7118BC728DF18D8816BBB3E2EFD4349F19892DDD8787285E738A905CB56
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1454134308.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_400000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: d94ed56ffcdc38c94b90bd9783928bf4a55e001c4d3c4371622baab0c0238d3b
                                                                                                                                                                                                                                  • Instruction ID: 1131e2afb1b9b7a06d06e0851762e967182e12a53f43e8bd2da4f6050e1e8ff1
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d94ed56ffcdc38c94b90bd9783928bf4a55e001c4d3c4371622baab0c0238d3b
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C802C732A0C7118BC724DE18D8816ABB3E2EBD4345F19893ED586A73C5D738B815CB4B
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1454134308.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_400000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 2994545307-0
                                                                                                                                                                                                                                  • Opcode ID: b9cd94a92c7e0d93f0c1db0f6149aa8383bb4963fce823e7fd41077e0e8b1306
                                                                                                                                                                                                                                  • Instruction ID: 6564eefc0a79269b3db00a3a3e2fdb8cf1d61b2510fe7412d98733e2447c0821
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b9cd94a92c7e0d93f0c1db0f6149aa8383bb4963fce823e7fd41077e0e8b1306
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6CC128342047418FD7258F28C890AA7BBE1FF9B310F58896ED4D6477A2CB75E846CB58
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1454134308.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_400000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 7dd1dd3bcd13b84c911ff83a91c1cc82912ef431115ec00b7fd8cedab479074d
                                                                                                                                                                                                                                  • Instruction ID: 2610ce8d2ada8b42ce1f8a49459609e4fff09a6b757421d9f45879ca41997f09
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7dd1dd3bcd13b84c911ff83a91c1cc82912ef431115ec00b7fd8cedab479074d
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A8D10E36A187508FC704CF28D8D162AB7E2BBCE314F09897DE98687396D738D905CB46
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1454134308.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_400000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 3d103255a358cbf0f4493334fed60bd47c6ce4713af475a6909a9917db2fa4dc
                                                                                                                                                                                                                                  • Instruction ID: b593eabd3734573ca464a0f0c89662c3852b345cc910da406a972fedca83911a
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3d103255a358cbf0f4493334fed60bd47c6ce4713af475a6909a9917db2fa4dc
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CDC1ED3AA18611CFC704CF28D8D066AB7E2FB8E315F19887DE98687352D738D945CB46
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_760000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 9f2680bab9b6854d00e0753734e73372bb980c2eb61b62fe20cb4c3e0bac24b1
                                                                                                                                                                                                                                  • Instruction ID: 6661c9b3c4f98fad070a1313d73f267ecdc9bd7cd37b189908bcf7b4b864db73
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9f2680bab9b6854d00e0753734e73372bb980c2eb61b62fe20cb4c3e0bac24b1
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 27E18A31108745CFC724DF29C880A6BFBE1EF99300F44892DE9DA87752E639E949CB56
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1454134308.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_400000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 2e3d702f462c947c04f76d2767d49a70cc8d8a13f72f5fef100d598c3194e41d
                                                                                                                                                                                                                                  • Instruction ID: 93b8c5387be001e94cab0129f885dbabef0bc68014b552001e05b684e15851e5
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2e3d702f462c947c04f76d2767d49a70cc8d8a13f72f5fef100d598c3194e41d
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 48E19A712087418FD720DF29C880A6BBBE1EF99304F44882EE4D597792E379E944CB96
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1454134308.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_400000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: f471f3d39aca677c1a2c39babe6ca4d167e6e7ed24f73cd0afd5c860e5d8b012
                                                                                                                                                                                                                                  • Instruction ID: 32691a19542b475e5b32abf01bf61a59727b98503660fe5e1cf9ea7214f750c2
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f471f3d39aca677c1a2c39babe6ca4d167e6e7ed24f73cd0afd5c860e5d8b012
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FBC1CEB4600302CFD7248F25C8917A2BBB1FF46314F1986ADD4964F792E778E885CB95
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1454134308.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_400000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 388e2b6d0a182aa95bd5de263f76d1b454a1f9af5a69695319d1fde35becd882
                                                                                                                                                                                                                                  • Instruction ID: f9929a72ce68a40c3f81f5f1acad1d241ce5af9a0f8176ac8c595b8a2b44423d
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 388e2b6d0a182aa95bd5de263f76d1b454a1f9af5a69695319d1fde35becd882
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EDD15535B05255CFDB14CFB8E8816AEBBB2AF1A300F58417DE551A7392CB388E05CB59
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_760000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 0a6ff38b7f88a38b39f0feb0216d1201f336bfe1d4496b7dedc26c113c3b1706
                                                                                                                                                                                                                                  • Instruction ID: ea0345369d4d03f1c09174ce20539517f49e305d722c44614fe0f63a90e8d404
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0a6ff38b7f88a38b39f0feb0216d1201f336bfe1d4496b7dedc26c113c3b1706
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 20A12470211741CFD729CF28C8A5972B7F2EF86314719C69CD5A68F7A6EB38A801CB50
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1454134308.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_400000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 07b520a97f650d78ec3e4206198fbb7b152170e0c1bb9b71eb1cf8cd26d43cec
                                                                                                                                                                                                                                  • Instruction ID: c7afa36b394fec79d3864c076b52a9d2828a05187d2106694a5d2b7072183649
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 07b520a97f650d78ec3e4206198fbb7b152170e0c1bb9b71eb1cf8cd26d43cec
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 30A11571205701CFD329CF28C4A19A777E2FF8A310719869DD4A68B3A5EB38AC41CB54
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_760000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: d8522f48c061d96a90bcbb954765979172c44a155916e8e09891f3aefe40ca7a
                                                                                                                                                                                                                                  • Instruction ID: 11bf0aeacdbc9e1d6a22644a087edb6b5bd103ba7586ffbd4f4c1bce642a0339
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d8522f48c061d96a90bcbb954765979172c44a155916e8e09891f3aefe40ca7a
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 67C105B16083808BD718DF35C850A6FBBE6EFD2304F14492DE9D687292DB79C50ACB56
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1454134308.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_400000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: ff3731471c5a2191c5a05658faba6c42204445524e7f8331b46cc9c8e8b982bc
                                                                                                                                                                                                                                  • Instruction ID: 2e87a28a76dba4f31cae47dba0fb7e22e1a8f98f0dc0d4366023ba0889080103
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ff3731471c5a2191c5a05658faba6c42204445524e7f8331b46cc9c8e8b982bc
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 35C105716083808BD318DF35C85066BBBE6EBD2314F14893DE4D697392DB39C90ACB56
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.1454134308.0000000000452000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_400000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 5eec315c10c9a67952a9793dbef498c3585f4719540dfb14f25a11beae5eb4f2
                                                                                                                                                                                                                                  • Instruction ID: 3a875cd6648c61770c451858fbf1e99b01c2ef70bfb09da3693ab00193ad4cb1
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5eec315c10c9a67952a9793dbef498c3585f4719540dfb14f25a11beae5eb4f2
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 478134B15143048BC728DF24D8A26B7B3F0EF95354F08892EE98687391F738D989C766
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_760000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 7d343a94ccc60b0ac76136acfacaf03ec9124c15c7c37e786dc5ab8e490f6e03
                                                                                                                                                                                                                                  • Instruction ID: c42edd682f276dbb85b8851e32ecbd4a68967a3ea451d1c45f8257685237f0d3
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7d343a94ccc60b0ac76136acfacaf03ec9124c15c7c37e786dc5ab8e490f6e03
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4DB1E471908201AFDB219F24CC45B2ABBE1EFD5364F158A3CF8D8A32A0D77A9C15DB41
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.1454134308.0000000000452000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_400000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 6cf664f652a807fb332ea88b5576aae59d3ab4033112652d5c76049a14ce75c6
                                                                                                                                                                                                                                  • Instruction ID: 4462778536881e7fad7e7429092b9e4e0939b3ac367c8c146f109192ca963606
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6cf664f652a807fb332ea88b5576aae59d3ab4033112652d5c76049a14ce75c6
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 22B1E4B5D04301AFD7109F24CC42B5BBBE1ABD5318F144A3EF8D8A32A1D7399945DB8A
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_760000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 34b9a0d7ad4e2640ff3c38ec8b4415170da73e2657f5b2be8b12e8c2df11fb82
                                                                                                                                                                                                                                  • Instruction ID: 2441769425179173b415bd43fe6d017c35457d609e1e3fa45b05ead3b803f9f4
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 34b9a0d7ad4e2640ff3c38ec8b4415170da73e2657f5b2be8b12e8c2df11fb82
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3CB15E72E04B918FCB16CA7CCC4169ABFB25B97320B1DC399D4A5DB3D6C6399802C761
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.1454134308.0000000000452000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_400000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 34b9a0d7ad4e2640ff3c38ec8b4415170da73e2657f5b2be8b12e8c2df11fb82
                                                                                                                                                                                                                                  • Instruction ID: 82f263c77167ee55bcd91cd3b2c817a9180a54af617eadf61d99f91933eb0c98
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 34b9a0d7ad4e2640ff3c38ec8b4415170da73e2657f5b2be8b12e8c2df11fb82
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 28B15B72E04B918FC715CA7CCC8169ABFB25B9B230F1DC399D4A5DB3D6C63998028761
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_760000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: a1afe4e88f9b97e7e8e8fd3cb907a0d95dd7110aea04d164d9c56f244693baaf
                                                                                                                                                                                                                                  • Instruction ID: 992e3a8302cca48a03e1e7d9f82f2e8dc4248f020c99f0a1f3d58954d4584729
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a1afe4e88f9b97e7e8e8fd3cb907a0d95dd7110aea04d164d9c56f244693baaf
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E9C16DB29087418FC360CF68DC96BABB7E1BF85318F48492DD5DAC6242E778A155CB06
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.1454134308.0000000000452000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_400000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: a1afe4e88f9b97e7e8e8fd3cb907a0d95dd7110aea04d164d9c56f244693baaf
                                                                                                                                                                                                                                  • Instruction ID: 6c2276beaf566b9a9bdc1ff0447d0761e6db3ed1e3725ba86175889a0c87908a
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a1afe4e88f9b97e7e8e8fd3cb907a0d95dd7110aea04d164d9c56f244693baaf
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D5C16CB29087418FC360CF28DC96BABB7E1BF85318F09493DD1DAD6242D778A155CB0A
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.1454134308.0000000000452000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_400000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: b60e4508a8573308057a18d506d0e04534aaf532080dedfe112986a424425a5f
                                                                                                                                                                                                                                  • Instruction ID: 9bc7db52ed85e8ce12a1b60bd9a2e1d492efdcd6eda8f0880cc64574571f8d9a
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b60e4508a8573308057a18d506d0e04534aaf532080dedfe112986a424425a5f
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C8911D31A087415BC7188E29DDD026EBBD3ABD1320F1D8A3EE8E5273D5DB3C59058B85
Memory Dump Source
• Source File: 00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_760000_ZxSWvC0Tz7.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 82812cdeafcd33f0fc968029d79aa7a24ca844b7ad5e98367da50fc895b2220f
• Instruction ID: e65e1cd77bcce9b082cc0fb9999674b65fa1491b66b7dbdb0f98be7c4b8a3e7c
• Opcode Fuzzy Hash: 82812cdeafcd33f0fc968029d79aa7a24ca844b7ad5e98367da50fc895b2220f
• Instruction Fuzzy Hash: 5671F7343086009FDB79CF24C9C1A7AB7A2EF9A354B29C92CD19A47262C735EC42CB54
                                                                                                                                                                                                                                  • Instruction ID: 48028b43f253121c9b967fc0171278e057b8e05f2d2e1c78af9a03a302896612
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3c0d2c5577102dd58fbede460a656b1f00c5f7fe775d6732456b41350824bdc2
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 86712B37A89AD04BD328A93C4C613AA7A930FD6330F6DC37EE9F5473E5D56948068341
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1454134308.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_400000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 3c0d2c5577102dd58fbede460a656b1f00c5f7fe775d6732456b41350824bdc2
                                                                                                                                                                                                                                  • Instruction ID: 93e46a8bd3da194c47575791ec0c02f08c3a6f4472264f5d459ff5c5938f4a7b
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3c0d2c5577102dd58fbede460a656b1f00c5f7fe775d6732456b41350824bdc2
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BF712827B49AA04BD318893C5C612A66AA30FD2330FEDC77FE9F1473D5D5694C0A8359
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_760000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 64b1c9c5f56f139aa65c1abfed3263135776d97135dd74b25c5f35881b33ae15
                                                                                                                                                                                                                                  • Instruction ID: 0ea1af76b56bdfdfaca46278b1dcc9e76de595de4dc15ef7633eb9d15ff49ba9
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 64b1c9c5f56f139aa65c1abfed3263135776d97135dd74b25c5f35881b33ae15
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 985137317083419FDB349F18E881A2FB7E2EFDA710F25843CEA8547365EA75AC518742
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1454134308.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_400000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 2994545307-0
                                                                                                                                                                                                                                  • Opcode ID: 0e87dfdf556a0c711327e89229684132eea6e28a06d28a898aa22cd66f13d778
                                                                                                                                                                                                                                  • Instruction ID: c6b6bb5faf057b6a68f3e5ff18d61b6d7d9c128f7451342645401fa614298587
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0e87dfdf556a0c711327e89229684132eea6e28a06d28a898aa22cd66f13d778
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F3514831A083009FD7249F18E881A2BB7E2EFDD310F25A93DE58547351EA75DC51C74A
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_760000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 2c0d35eb954a9d187377820dd095db1c7b0c4961e6edb85d2e315a33cbd56d54
                                                                                                                                                                                                                                  • Instruction ID: 1dce124ea43b84085380953a2e463c635bec22689040e0129f0cf42d9ee95b4c
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2c0d35eb954a9d187377820dd095db1c7b0c4961e6edb85d2e315a33cbd56d54
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9671BE71D043688FEB24CFA9CD817EDBBB2FB80310F18816DD559AB289DB7409428B80
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1454134308.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_400000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 2c0d35eb954a9d187377820dd095db1c7b0c4961e6edb85d2e315a33cbd56d54
                                                                                                                                                                                                                                  • Instruction ID: bd453bbf85e71c37a0fde588b6316f789c56ba706437bc4c9fe4a45325bf71d6
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2c0d35eb954a9d187377820dd095db1c7b0c4961e6edb85d2e315a33cbd56d54
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6771AF72D043689FEB25CFA9CD817DDBBB2FB80310F18816DD459AB289DB741946CB84
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_760000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: a16964f98263bb64d29cf427ecac629650e46b659aa8a65445bff108377c5da2
                                                                                                                                                                                                                                  • Instruction ID: b9999e315b49414c508d7348cf5b0c8f45901431c2ae0dff129fcb4a126e098a
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a16964f98263bb64d29cf427ecac629650e46b659aa8a65445bff108377c5da2
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C0613B356083905FDB25CF38C85192A7BE16F9A310F48C6BDE8E847392D679DC05D792
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1454134308.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_400000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 5837d196803c6c41b2f90e1b684db958f269ba1b84df2d7f51245b5afb20183d
                                                                                                                                                                                                                                  • Instruction ID: 005a84f34606d807ef7803f473bdaa3d6e6b3e5a6c55ca812da06d8011db77a6
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5837d196803c6c41b2f90e1b684db958f269ba1b84df2d7f51245b5afb20183d
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 19613839A0C3914FC325CF39C88095B7BE16F96314F4881AEECA54B392D639EC45D796
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1454134308.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_400000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
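Several functions in this listing carry the same Opcode ID (and Opcode Fuzzy Hash) in two different dumps: once in the PE-backed image at 0x400000 and once in the non-PE region at 0x760000, with different Instruction IDs each time. That is the signature of the unpacking the report flags at the top: the same opcode sequence copied into a fresh allocation, so only the operands (addresses) change. The following is an added example, not Joe Sandbox code, that parses records in the layout shown here and reports Opcode IDs seen at more than one base address. The sample records are copied from this page, reduced to the three fields used. Splitting the dotted `.sdmp` name into eight hex fields and reading the fourth as the base address is confirmed by the Offset column; treating the fifth field as the page protection (0x40 = PAGE_EXECUTE_READWRITE) is an assumption of this example, not something the report documents.

```python
import re
from collections import defaultdict

PAGE_EXECUTE_READWRITE = 0x40  # standard Windows memory-protection constant

# Records copied from this page's function listing, reduced to the fields
# used below; the listing's remaining fields and functions are omitted.
RECORDS_TEXT = """\
Opcode ID: 3c0d2c5577102dd58fbede460a656b1f00c5f7fe775d6732456b41350824bdc2
Instruction ID: 48028b43f253121c9b967fc0171278e057b8e05f2d2e1c78af9a03a302896612
Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Opcode ID: 3c0d2c5577102dd58fbede460a656b1f00c5f7fe775d6732456b41350824bdc2
Instruction ID: 93e46a8bd3da194c47575791ec0c02f08c3a6f4472264f5d459ff5c5938f4a7b
Source File: 00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false

Opcode ID: 64b1c9c5f56f139aa65c1abfed3263135776d97135dd74b25c5f35881b33ae15
Instruction ID: 0ea1af76b56bdfdfaca46278b1dcc9e76de595de4dc15ef7633eb9d15ff49ba9
Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Opcode ID: 2c0d35eb954a9d187377820dd095db1c7b0c4961e6edb85d2e315a33cbd56d54
Instruction ID: 1dce124ea43b84085380953a2e463c635bec22689040e0129f0cf42d9ee95b4c
Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Opcode ID: 2c0d35eb954a9d187377820dd095db1c7b0c4961e6edb85d2e315a33cbd56d54
Instruction ID: bd453bbf85e71c37a0fde588b6316f789c56ba706437bc4c9fe4a45325bf71d6
Source File: 00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false

Opcode ID: a9beccb418eb2a315fce9c1fee449ff7612de2d6f2e7ef11585c31999dd8e919
Instruction ID: 79698480e789f394c927d8fe7c13ac859d6e499323d4242f8a9ce8e9df0e27f7
Source File: 00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
"""

SOURCE_RE = re.compile(
    r"Source File:\s*(?P<name>\S+\.sdmp),\s*Offset:\s*(?P<offset>[0-9A-Fa-f]+),"
    r"\s*based on PE:\s*(?P<pe>true|false)"
)


def parse_dump_name(name):
    """Split a dotted .sdmp name into its eight hex fields.

    Field 0 (process index) and field 3 (base address) are borne out by the
    listing itself; reading field 4 as the page protection is an ASSUMPTION
    of this example and is not documented by the report.
    """
    fields = name[: -len(".sdmp")].split(".")
    if len(fields) != 8:
        raise ValueError(f"unexpected dump name layout: {name}")
    return {
        "process": int(fields[0], 16),
        "base": int(fields[3], 16),
        "protect": int(fields[4], 16),  # assumed meaning, see docstring
        "raw": fields,
    }


def parse_records(text):
    """Parse blank-line separated 'Key: value' records into dicts."""
    records = []
    for block in text.strip().split("\n\n"):
        rec = {}
        for line in block.splitlines():
            key, _, value = line.partition(":")
            rec[key.strip()] = value.strip()
        m = SOURCE_RE.search(block)
        if not m:
            raise ValueError("record without a Source File line")
        dump = parse_dump_name(m.group("name"))
        if dump["base"] != int(m.group("offset"), 16):
            raise ValueError("dump base and Offset column disagree")
        rec["base"] = dump["base"]
        rec["pe_based"] = m.group("pe") == "true"
        rec["protect"] = dump["protect"]
        records.append(rec)
    return records


def shared_opcodes(records):
    """Return {Opcode ID: records} for IDs seen at more than one base address.

    Identical opcode hash in the PE image and in a non-PE region, with
    differing Instruction IDs, is the code-copied-to-new-allocation pattern
    behind the report's unpacking detections.
    """
    by_opcode = defaultdict(list)
    for rec in records:
        by_opcode[rec["Opcode ID"]].append(rec)
    return {op: recs for op, recs in by_opcode.items()
            if len({r["base"] for r in recs}) > 1}


if __name__ == "__main__":
    for op, hits in shared_opcodes(parse_records(RECORDS_TEXT)).items():
        print(op[:16], [(hex(r["base"]), r["pe_based"]) for r in hits])
```

On the six sample records the script reports two shared Opcode IDs (3c0d2c55... and 2c0d35eb...), each present at 0x400000 (based on PE: true) and 0x760000 (based on PE: false); when triaging a real report, the 0x760000-only functions are the ones worth pulling from the non-PE dump for further analysis, since they never existed in the on-disk image.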
• API ID:
• String ID:
• API String ID:
• Opcode ID: a9beccb418eb2a315fce9c1fee449ff7612de2d6f2e7ef11585c31999dd8e919
• Instruction ID: 79698480e789f394c927d8fe7c13ac859d6e499323d4242f8a9ce8e9df0e27f7
• Opcode Fuzzy Hash: a9beccb418eb2a315fce9c1fee449ff7612de2d6f2e7ef11585c31999dd8e919
• Instruction Fuzzy Hash: 75516875608301ABD310AF65DC81B2BB7E5EB9A704F16A83EF58197281D7B8DC00DB96
Memory Dump Source
• Source File: 00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_760000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 397dd7719a72b64fe6fd9bff4a2b0e0990fccc0e48aff55cf7b07deb802e575f
                                                                                                                                                                                                                                  • Instruction ID: bc7907171af9722af1178e891ed3e8e1742323cd720e4aec19dd76f4e360e499
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 397dd7719a72b64fe6fd9bff4a2b0e0990fccc0e48aff55cf7b07deb802e575f
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 30519C71A402438BEB18DE34C8A16BAFBE2FF50310B18866DC5975B3C1E7789941D791
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_760000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 9a456be5166b92ab10874784492d9a7357f7a85283333ec6aeb1257d6c9849aa
                                                                                                                                                                                                                                  • Instruction ID: 2511ca28a4ef222445ab97a9b0403b580161c0126e44eda62d6bf6c6668aa253
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9a456be5166b92ab10874784492d9a7357f7a85283333ec6aeb1257d6c9849aa
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 515148B16087548FE714DF29D89475BBBE1BBC8314F044A2DE4E987390E379DA088B86
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1454134308.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_400000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 9a456be5166b92ab10874784492d9a7357f7a85283333ec6aeb1257d6c9849aa
                                                                                                                                                                                                                                  • Instruction ID: c2a6bcafcd54fac281a485024f5f1ed9cd6e16fab59c4b6ddada49184fd56f0c
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9a456be5166b92ab10874784492d9a7357f7a85283333ec6aeb1257d6c9849aa
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: AB516BB15087548FE314DF29D49435BBBE1BBC8318F444A2EE4E987351E379DA088F86
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_760000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 896f3fb295f70a3d1d2d868c2c2a0e71ef34daf535ef3f76e5866041dfd6add5
                                                                                                                                                                                                                                  • Instruction ID: 330ef291760ffba7834c87d566ceb60fa97b7280e5238ae2fbd4635f52bdbe67
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 896f3fb295f70a3d1d2d868c2c2a0e71ef34daf535ef3f76e5866041dfd6add5
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D0618AB1600706CFE728CF65D891252FBA1FF46300F1996ACD09A8F756E778E981CB85
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_760000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: c7e211e6c2eb9e6b08159abb43e9af5e1aa1d9e93aa804f146ff2ed9fa703b0b
                                                                                                                                                                                                                                  • Instruction ID: 91790725a8160c7fa1e74921cebecb34b490d6a0b1609f5f8a61791380fd71d3
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c7e211e6c2eb9e6b08159abb43e9af5e1aa1d9e93aa804f146ff2ed9fa703b0b
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4C514633B599924BD728853C6C613AA7AD30BD6330BADDBBAE5B1CB3E1D11D8C158340
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1454134308.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_400000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: c7e211e6c2eb9e6b08159abb43e9af5e1aa1d9e93aa804f146ff2ed9fa703b0b
                                                                                                                                                                                                                                  • Instruction ID: d7cad542098786fb583f31be900ecfd8ec374eacf30312457ad000f908a343a7
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c7e211e6c2eb9e6b08159abb43e9af5e1aa1d9e93aa804f146ff2ed9fa703b0b
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 46512433A5A9D04BD32C853C4C623A66AD30BDA330F2DA77BE5B1CB3E1C56D88064355
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_760000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 20d0a7076ca4a073ae36702b2f035087ecf70489209c947b4e4cdcb3c897cb6e
                                                                                                                                                                                                                                  • Instruction ID: 204b7716e4cb9dd84f9dd703fc5d3946385547a41c3182cd70b19a54b80f82ca
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 20d0a7076ca4a073ae36702b2f035087ecf70489209c947b4e4cdcb3c897cb6e
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D4518073B569004BC72C993D8DA166AA6D3ABD933076E863DD476C77D4EA78AC028700
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1454134308.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_400000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 20d0a7076ca4a073ae36702b2f035087ecf70489209c947b4e4cdcb3c897cb6e
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 305eeb4800ffca951eb0843350452d0362ef6350398f3d1306d62d3ed5eba46d
                                                                                                                                                                                                                                  • Instruction ID: df0643d0793dd6d859baae3aaafaf1000bf3a96435c36713bdd1cf9414b21aca
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 305eeb4800ffca951eb0843350452d0362ef6350398f3d1306d62d3ed5eba46d
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BE41B4A021C3D18BD7358B34A0607BBBBD09F93219F54599DC6D6A7283D7394407CB5E
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_760000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: b3442938981b70338c85b6fdcef42b4b1049c4e4fc606aed39a4a87bba456e78
                                                                                                                                                                                                                                  • Instruction ID: 5da7903cec7b6ebff1fa5c187297ec21c27dd1659321ced3880aa33e6a219de3
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b3442938981b70338c85b6fdcef42b4b1049c4e4fc606aed39a4a87bba456e78
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0F417B75A587548FCB24EF94FDC057EB3A1EF86320F2E452CD5E51B261E7649C009345
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1454134308.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_400000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: e4e9279ef52f96599ba60b9f495eba6a2778b73f1ce77f20ed8f4ad1faa0dcde
                                                                                                                                                                                                                                  • Instruction ID: bdc763d3058119611c7ecd8a8528ac1cd9b09ae5f9eb0b7e174c524916cf2ae7
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e4e9279ef52f96599ba60b9f495eba6a2778b73f1ce77f20ed8f4ad1faa0dcde
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6A41F33A308610CFCB08CF78E9E055A73A2FBCB315F29847DD54547622C775A956CB44
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_760000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 3aeefbf0a4d65d0b572efcb3e51add84d891666070d970ea2441e25f135985dc
                                                                                                                                                                                                                                  • Instruction ID: 3f1c0f1ab579b1dd7a345e8eee2eadad48224b36348a16c8822ba50a802001bd
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3aeefbf0a4d65d0b572efcb3e51add84d891666070d970ea2441e25f135985dc
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EE316675A587548FC728EFA4F9C057AB3A1EB8A310F2E452C89E50B361D7A49D009749
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1454134308.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_400000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 3aeefbf0a4d65d0b572efcb3e51add84d891666070d970ea2441e25f135985dc
                                                                                                                                                                                                                                  • Instruction ID: 78121dedb2d80148adf018004532891c25ca3ce7b5d6c479fa077a4fb261e508
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3aeefbf0a4d65d0b572efcb3e51add84d891666070d970ea2441e25f135985dc
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5C316879A587188FC328EF54E8C427BB3B0EB8B310F2E952D8AE51B350D7648D01878D
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_760000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: a7540190068c50c970c78dd1fb816c39bd2abd836d4de7d463699aecd841a6eb
                                                                                                                                                                                                                                  • Instruction ID: 9c48087f5fbd467258c9cf28cd5860afcc7ffa50b54185f16155db6f5370664a
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a7540190068c50c970c78dd1fb816c39bd2abd836d4de7d463699aecd841a6eb
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4F4182B26183908BD734DF24C85179FBAF1EBD1214F498E2CD4DA9B345E73589058B87
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_760000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 184c9a32383a48190f2719d2aadad879d32520f34a2a0851a9020504aa8db94d
                                                                                                                                                                                                                                  • Instruction ID: 1c4a8b01d39907e6c57867899dc39dc665b875c10c30ad14a6f9f1b2edb5b8d3
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 184c9a32383a48190f2719d2aadad879d32520f34a2a0851a9020504aa8db94d
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DA3171A05083D18ADB359F259024BFBBFE0AF93219F14899DC2D5AB693D7384047CB5A
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_760000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: e0dc337c31b60e59c40b3c4b66153a54b5a75c190226419d79e85c67cff8ed99
                                                                                                                                                                                                                                  • Instruction ID: 15c93560e2c0e27240b58d89255acbdf7c9f6e73febcd2605335965c97096f1d
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e0dc337c31b60e59c40b3c4b66153a54b5a75c190226419d79e85c67cff8ed99
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 98315C7415C3C14BD7B69F285860BBABBD2DF93304F28496CD1CA8B192DB394845CF26
                                                                                                                                                                                                                                  Memory Dump Source
• Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.1454134308.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_ZxSWvC0Tz7.jbxd
Yara matches
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
• Opcode ID: 888aa382685d0caeac7857589a895e4d05e9bcb5ed8514602e835cd5541883fc
• Instruction ID: d85d8e7ba49753ff7f36d3ed97c285ab1e5e24199585a0ad528ba1d19501f263
• Opcode Fuzzy Hash: 888aa382685d0caeac7857589a895e4d05e9bcb5ed8514602e835cd5541883fc
• Instruction Fuzzy Hash: B7313B602083A15BD3B58B2864B077F7BD2DF87304F68496DD0C9872A2D7289485C74E
Memory Dump Source
• Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.1454134308.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_ZxSWvC0Tz7.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 184c9a32383a48190f2719d2aadad879d32520f34a2a0851a9020504aa8db94d
• Instruction ID: eb231649460b60e8b645cff36354959ad8fc4f47b4bc3ecb8744b755d441be80
• Opcode Fuzzy Hash: 184c9a32383a48190f2719d2aadad879d32520f34a2a0851a9020504aa8db94d
• Instruction Fuzzy Hash: AC3191A02083E18BDB358F2491207FBBBE0AB93259F54499DC7D9A7683D7384017CB5E
Memory Dump Source
• Source File: 00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_760000_ZxSWvC0Tz7.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 546c49f651c2ee0ec7203154adbd460b810419c4e5ed9a3c8b647bf01d903c3f
• Instruction ID: 09890c4ae6a5c8b8418f8a37fa3b4174edb50f1b0f584cf11383c31b338be540
• Opcode Fuzzy Hash: 546c49f651c2ee0ec7203154adbd460b810419c4e5ed9a3c8b647bf01d903c3f
• Instruction Fuzzy Hash: CB3172722983048FC768EF24CC80A7AB312EB92744F9C853ED98583382DA78CD018783
Memory Dump Source
• Source File: 00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_760000_ZxSWvC0Tz7.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 9879a937105e083bd9aef7d9b8e876d5a873d896f238b78d14b88aad6da131cd
• Instruction ID: 2077c45aef5dac99370137cb6cd81d7c4adc34bbcca86789e2328383381bbaed
• Opcode Fuzzy Hash: 9879a937105e083bd9aef7d9b8e876d5a873d896f238b78d14b88aad6da131cd
• Instruction Fuzzy Hash: 6C31D434F385019AE7359B198C40B367763FBC6300F68D22CE8C2976A8DA38AC118B54
Memory Dump Source
• Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.1454134308.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_ZxSWvC0Tz7.jbxd
Yara matches
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
• Opcode ID: 8b6e21541edddda7d0cafdb5479713d3008093deab5e063b60f74b86252a7a36
• Instruction ID: 608a5c001c9016f47e6d849a3a7bf8eb37f8ca910ed307557679ae7e480cd3ab
• Opcode Fuzzy Hash: 8b6e21541edddda7d0cafdb5479713d3008093deab5e063b60f74b86252a7a36
• Instruction Fuzzy Hash: 9F31F139E146009AE325AB598C807377753FBC7300F68D13EE092A32E9DA38AC16874D
Memory Dump Source
• Source File: 00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_760000_ZxSWvC0Tz7.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 9112804f8139e9297ba88e3742caefcf6529a162b57808c6ac39dfffa7ef667e
• Instruction ID: 52b206df874667b4313fe32597e9b6ab9455aa9bbb43d25b4e75705232504275
• Opcode Fuzzy Hash: 9112804f8139e9297ba88e3742caefcf6529a162b57808c6ac39dfffa7ef667e
• Instruction Fuzzy Hash: C2213921B087910BDB18DE39A9D112BFBD39BDB214F08C63EC4A28B6D5DA34E9058708
Memory Dump Source
• Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.1454134308.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_ZxSWvC0Tz7.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 9112804f8139e9297ba88e3742caefcf6529a162b57808c6ac39dfffa7ef667e
• Instruction ID: 4f1d9a8e55b01d87ed81b452fa3618ff49b1b83c19e4b1c484c24ed6b64955da
• Opcode Fuzzy Hash: 9112804f8139e9297ba88e3742caefcf6529a162b57808c6ac39dfffa7ef667e
• Instruction Fuzzy Hash: 78212921718B550BD728DE3988D132BF7D39BCB210F48D63EC5938B2D6CA34D9054688
Memory Dump Source
• Source File: 00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_760000_ZxSWvC0Tz7.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: fbddf629d58ab5b7ce3c6d341b6087eefabcc06d9ed1031e48f954126914271b
• Instruction ID: fe8734666520d3b8b1641665df51cd0dee9cbc0e6b8f90faba493ddf4128d37a
• Opcode Fuzzy Hash: fbddf629d58ab5b7ce3c6d341b6087eefabcc06d9ed1031e48f954126914271b
• Instruction Fuzzy Hash: E9212674604B019FD725CF28C880B27B7A3EBC6320F24CA28D4998B699CB34EC52DB44
Memory Dump Source
• Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.1454134308.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_ZxSWvC0Tz7.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 201c4f8f0819f68cd48f73e785265dbdbac7085615a68ae6b401f2b6715c5eb6
• Instruction ID: c284272cbe1354c2bac86839248cf07ee5637eab11ef42c9faf85a1953e6744e
• Opcode Fuzzy Hash: 201c4f8f0819f68cd48f73e785265dbdbac7085615a68ae6b401f2b6715c5eb6
• Instruction Fuzzy Hash: B521217AA08225CFCB04DF24E88466AF3A0FF4A714F5A947ED5858B241D3309E90CF86
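The records above are the per-function entries the Joe Sandbox IDA plugin emits for each memory dump of the sample. The Python below is an added example, not part of the Joe Sandbox report or its tooling: it parses records in the plain-text form shown on this page, decodes the dump file name, groups functions by the dump they were lifted from, and lists opcode IDs that occur in more than one dump. The sample input is four records copied from this page, trimmed to the fields the code uses. The meaning of the dotted fields in the .sdmp name (PID, analysis phase, timestamp, base address, protection, state, type, index) is an assumption about Joe Sandbox's naming scheme; the only field value the code interprets beyond the base address is the protection word, where 0x40 is the Windows PAGE_EXECUTE_READWRITE constant.

```python
import re
from collections import defaultdict

# Windows memory-protection constant from winnt.h; the one .sdmp field value this code interprets.
PAGE_EXECUTE_READWRITE = 0x40

# Constructed sample input: four records copied from this report, trimmed to the fields
# used below. Header lines such as "Joe Sandbox IDA Plugin" are ignored by the parser.
SAMPLE = """Memory Dump Source
• Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• API ID: InitializeThunk
• Opcode ID: 8b6e21541edddda7d0cafdb5479713d3008093deab5e063b60f74b86252a7a36
• Instruction ID: 608a5c001c9016f47e6d849a3a7bf8eb37f8ca910ed307557679ae7e480cd3ab
Memory Dump Source
• Source File: 00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
• API ID:
• Opcode ID: 9112804f8139e9297ba88e3742caefcf6529a162b57808c6ac39dfffa7ef667e
• Instruction ID: 52b206df874667b4313fe32597e9b6ab9455aa9bbb43d25b4e75705232504275
Memory Dump Source
• Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• API ID:
• Opcode ID: 9112804f8139e9297ba88e3742caefcf6529a162b57808c6ac39dfffa7ef667e
• Instruction ID: 4f1d9a8e55b01d87ed81b452fa3618ff49b1b83c19e4b1c484c24ed6b64955da
Memory Dump Source
• Source File: 00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
• API ID:
• Opcode ID: fbddf629d58ab5b7ce3c6d341b6087eefabcc06d9ed1031e48f954126914271b
• Instruction ID: fe8734666520d3b8b1641665df51cd0dee9cbc0e6b8f90faba493ddf4128d37a
"""

_FIELD = re.compile(r"^•\s*([^:]+):\s*(.*)$")
_SOURCE = re.compile(
    r"^(?P<name>\S+\.sdmp), Offset: (?P<offset>[0-9A-Fa-f]+), based on PE: (?P<pe>true|false)$"
)


def parse_dump_name(name):
    """Split a .sdmp name into its dotted fields (field meaning is an assumption; base and protection are hex)."""
    parts = name[: -len(".sdmp")].split(".")
    if len(parts) != 8:
        raise ValueError(f"unexpected dump name layout: {name}")
    return {
        "pid": parts[0], "phase": parts[1], "timestamp": parts[2],
        "base": int(parts[3], 16), "protection": int(parts[4], 16),
        "state": parts[5], "type": parts[6], "index": parts[7],
    }


def parse_records(text):
    """Turn the plain-text records into dicts keyed by their bullet labels, with a decoded 'dump' entry."""
    records, current = [], None
    for line in text.splitlines():
        line = line.strip()
        if line == "Memory Dump Source":
            current = {}
            records.append(current)
            continue
        m = _FIELD.match(line)
        if m and current is not None:
            current[m.group(1).strip()] = m.group(2).strip()
    parsed = []
    for rec in records:
        src = _SOURCE.match(rec.get("Source File", ""))
        if not src:
            continue  # a record whose Source File line is missing or truncated is skipped
        dump = parse_dump_name(src["name"])
        dump["offset"] = int(src["offset"], 16)
        dump["pe_backed"] = src["pe"] == "true"
        rec["dump"] = dump
        parsed.append(rec)
    return parsed


def summarize(records):
    """Group functions by dump base address and collect the resolved API IDs seen in each."""
    by_dump = {}
    for rec in records:
        d = rec["dump"]
        s = by_dump.setdefault(d["base"], {
            "pe_backed": d["pe_backed"],
            "rwx": d["protection"] == PAGE_EXECUTE_READWRITE,
            "functions": 0,
            "api_ids": set(),
        })
        s["functions"] += 1
        if rec.get("API ID"):
            s["api_ids"].add(rec["API ID"])
    return by_dump


def shared_opcode_ids(records):
    """Opcode IDs present in more than one dump: the same function body lifted from two regions."""
    seen = defaultdict(set)
    for rec in records:
        if rec.get("Opcode ID"):
            seen[rec["Opcode ID"]].add(rec["dump"]["base"])
    return {oid: bases for oid, bases in seen.items() if len(bases) > 1}
```

Run over the sample, the two dumps separate cleanly: the functions at 0x400000 come from a PE-backed region and one of them carries a resolved API ID (InitializeThunk), while those at 0x760000 come from a non-PE-backed RWX region and carry none. The opcode ID 9112804f… is reported under both bases with different instruction IDs, so the same function body exists in both regions; when triaging a packed sample that is the pair of functions worth diffing first.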
Memory Dump Source
• Source File: 00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_760000_ZxSWvC0Tz7.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: d6c3b5f98540c4edbfb2bfe1cd8306b70007439d23ccf1357e9be793c2fe8105
                                                                                                                                                                                                                                  • Instruction ID: 5c1a24a51d848067cf32c08e22aa04c916139fd80f74a9da50de7cb5ec1daad2
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d6c3b5f98540c4edbfb2bfe1cd8306b70007439d23ccf1357e9be793c2fe8105
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4A11C477F1692107A790DE369C986567393A7C5314B1A0534ED42D7282CA3AFD06E294
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1454134308.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_400000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: d6c3b5f98540c4edbfb2bfe1cd8306b70007439d23ccf1357e9be793c2fe8105
                                                                                                                                                                                                                                  • Instruction ID: d3efd499d3fbc33036e2032367fc91d0155dae543bbe3474a39f1f7b468c3dc9
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d6c3b5f98540c4edbfb2bfe1cd8306b70007439d23ccf1357e9be793c2fe8105
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4A11B273F2A92107F3549E369C9C21B6352E7C531471A0535D941A72C1CA79F902E168
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_760000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: c3217eddf26d73e13bed4335cf48e091058d425e1d7b0796f7844dc1e666736a
                                                                                                                                                                                                                                  • Instruction ID: b6083ac93a68ff44e40dd320cc587d4546796b5b4bb79279024e98a7eaeccafb
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c3217eddf26d73e13bed4335cf48e091058d425e1d7b0796f7844dc1e666736a
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 761136317847409FCB18EF64D8E1A7EB3A1AB96300F48543DE1D2C7251D67CCC048B46
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_760000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 44c97935eddf75c305e2d2b65cd8ba00c8eb118628fa0640b3156059a25bc93e
                                                                                                                                                                                                                                  • Instruction ID: 3e13bb938532d28d217fe8b8c082b1877bfdadad8cdace1f3793961893663362
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 44c97935eddf75c305e2d2b65cd8ba00c8eb118628fa0640b3156059a25bc93e
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C1116B75B587848FC718EFA4FDC067AB3A1AF9A310F2D843CC5E647761EBA08D109649
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1454134308.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_400000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 44c97935eddf75c305e2d2b65cd8ba00c8eb118628fa0640b3156059a25bc93e
                                                                                                                                                                                                                                  • Instruction ID: 20ca1e341728769f683a14c7d19e02f3155232ce684509dc4d83bd4e8ff0b8df
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 44c97935eddf75c305e2d2b65cd8ba00c8eb118628fa0640b3156059a25bc93e
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 72112575A587048FC318EFA4ACC837BB3A4EB8A311F29953D86A647350DB608D118689
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_760000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: f5c82fc671e06e79b78df2e2b48bef573e4aa83533a2b75342557a0be53bb444
                                                                                                                                                                                                                                  • Instruction ID: a8c958bb32198150e63cb2054a32f7939b4179de271b12c9804bc7991c995847
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f5c82fc671e06e79b78df2e2b48bef573e4aa83533a2b75342557a0be53bb444
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 13012231B05240AAFB688B289C51B3AB363F7D3B40F65D12CE1859B1D1EF748C418B47
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_760000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                                                                                                                                                                                  • Instruction ID: b04a8ed785693e4b9e89a70151ad590397a7bfba7ccfbcb0aa2dfb4ab04e30c0
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E411E933B051D40EC7168D3C9400979BFE30AA3235F198399F4F49B2D2D6278E8A9760
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1454134308.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_400000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                                                                                                                                                                                  • Instruction ID: b28cf3c768fcd90dd8a03dd2320e21e507999ec1ebf4a65f37eb71fdd5601da6
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E011EC336051D41EC3268D3C8400565BF930AA7636F5953DAF4B49B3D2D52A8E8A8759
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_760000_ZxSWvC0Tz7.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: babb52ce3867e81688af6e2cbfc925ee92a6f3f8cd139ab93b6cbf9c46b7bedb
• Instruction ID: 4f36961650c19fdc59418dd09b7b64e244cc43a696fe218c78b55dd5157e20dd
• Opcode Fuzzy Hash: babb52ce3867e81688af6e2cbfc925ee92a6f3f8cd139ab93b6cbf9c46b7bedb
• Instruction Fuzzy Hash: CA015EF16403019BE620BE6585C5B37B2E96F91710F1C452CEE0A57201DB6BEC0687B6
Memory Dump Source
• Source File: 00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_760000_ZxSWvC0Tz7.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 08b4345849cd0f47e80d1ed5c22eab79d945ad8a979d27bd12cd0f1252f48fec
• Instruction ID: 511f4659f9e0c894c7869864daa15d0d4d967c6350b60c32b980cd0a9e7d4f98
• Opcode Fuzzy Hash: 08b4345849cd0f47e80d1ed5c22eab79d945ad8a979d27bd12cd0f1252f48fec
• Instruction Fuzzy Hash: 561134363947008FD718CF68D8E05BEB3E19B86311F49943D94C2C3390CABCC9058B46
Memory Dump Source
• Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.1454134308.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_ZxSWvC0Tz7.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: d722c01a8bd2e68c804006294bc8a0889be745f601f03f4d9d5de63ddc943046
• Instruction ID: 55029b9e38fdfb0df3b4b8151af6569af59bc0d0f5a25f3444c4cc7de86b0466
• Opcode Fuzzy Hash: d722c01a8bd2e68c804006294bc8a0889be745f601f03f4d9d5de63ddc943046
• Instruction Fuzzy Hash: E001B1F1B0035257DB209F55B4C1B27B2A86F95718F08443EE80867342DB7DFC44C2AA
Memory Dump Source
• Source File: 00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_760000_ZxSWvC0Tz7.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 358e2d3b4c42a0c731e3efba7596486553403020c12b89a5f8a1758b9ddfefcd
• Instruction ID: 4bb6e70c0024800fa67377625375c1b83c599286449aa1d8b89a3b2f6981f0e4
• Opcode Fuzzy Hash: 358e2d3b4c42a0c731e3efba7596486553403020c12b89a5f8a1758b9ddfefcd
• Instruction Fuzzy Hash: EE1144756042019BEB209F24EC80A3BB7E6EBE7700F259538F68097291DA389C529766
Memory Dump Source
• Source File: 00000001.00000002.1454359556.0000000000730000.00000040.00001000.00020000.00000000.sdmp, Offset: 00730000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_730000_ZxSWvC0Tz7.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
• Instruction ID: cf15a41bff76004bfced095e34331e5719227ddf2aefd3f0fb0745cd1dce4ca7
• Opcode Fuzzy Hash: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
• Instruction Fuzzy Hash: 91113C72340104AFE754DE55DCD1FA673EAEB89320F298065ED08CB716D67AE841C7A0
Memory Dump Source
• Source File: 00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_760000_ZxSWvC0Tz7.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 9189c4c3175398eb84fc80681e1c6dfaa05d9782f835bdc2878a97ad02b88055
• Instruction ID: 46ccad0bae511f2ee1cc0c176da2c282adf1c1c6deec84d1c98dbac49d907b43
• Opcode Fuzzy Hash: 9189c4c3175398eb84fc80681e1c6dfaa05d9782f835bdc2878a97ad02b88055
• Instruction Fuzzy Hash: 60119E71608341ABD7249F299D9067BBBE2EBC2354F15AA2CE5D657790C630C845CB0A
Memory Dump Source
• Source File: 00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_760000_ZxSWvC0Tz7.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 009d4c94d368716b5c6a07810fd56c9ecea920436c5469bb2fcdecc493a6d2d4
• Instruction ID: 5b5dfe5c5c8109564e5068f1817bc58c625abe48ff376751dec8bab6a3e2b36b
• Opcode Fuzzy Hash: 009d4c94d368716b5c6a07810fd56c9ecea920436c5469bb2fcdecc493a6d2d4
• Instruction Fuzzy Hash: 9411E3747407808FD3188F24CCD6E62B7B2ABD6318719867DB8429BB93C67CAC09C764
Memory Dump Source
• Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.1454134308.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_ZxSWvC0Tz7.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 009d4c94d368716b5c6a07810fd56c9ecea920436c5469bb2fcdecc493a6d2d4
• Instruction ID: 78b4a12427cc173d586094b37f3e700b38d0ff2ce6b24877113fcbe6adf3e26f
• Opcode Fuzzy Hash: 009d4c94d368716b5c6a07810fd56c9ecea920436c5469bb2fcdecc493a6d2d4
• Instruction Fuzzy Hash: D71127717507404FD3189F25CCD2A637772ABC6314705893DB8519BBD3C67CAC0587A8
Memory Dump Source
• Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.1454134308.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_ZxSWvC0Tz7.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 9189c4c3175398eb84fc80681e1c6dfaa05d9782f835bdc2878a97ad02b88055
• Instruction ID: 5bf83162093d809aa6a095f83f940cb60b386281fae2fad957a8694bd2eb5c71
• Opcode Fuzzy Hash: 9189c4c3175398eb84fc80681e1c6dfaa05d9782f835bdc2878a97ad02b88055
• Instruction Fuzzy Hash: 3911E071608341ABD7149F29DD9067FBBE2EBC2354F14AE2CE59253790C630C841CB4A
Memory Dump Source
• Source File: 00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_760000_ZxSWvC0Tz7.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 4464db465ba34ef3b506432a1509cd0f617e3f47c711957a903ed9c1c8e80aab
• Instruction ID: 2cbfc13d5e2caa36bfb7dfafc71383771ed1957b068da1acbf9a43b8f3d0ffc7
• Opcode Fuzzy Hash: 4464db465ba34ef3b506432a1509cd0f617e3f47c711957a903ed9c1c8e80aab
• Instruction Fuzzy Hash: 5801A276B006149FDF21DF64C804BAF33E5FB86316F4945A5DD0B97282E778A9418BD0
Memory Dump Source
• Source File: 00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_760000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 19ed9741b84afb298707877cb2535680f06aa68bf492e7e97af849109ca09354
                                                                                                                                                                                                                                  • Instruction ID: 5fa8c9e5c2e3f2a91f077a843a0ad0e5adea6210718af51fbd1e4505d02ae5c9
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 19ed9741b84afb298707877cb2535680f06aa68bf492e7e97af849109ca09354
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 12F06DB5E0C3848BC71CDF28C48062AFBE4AB9A700F10693EE48AA3341DB31D545CB4A
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_760000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 1c062fd088646d19ef1d8bd4d71c411c976c3123481e9341e85681c4dc346f69
                                                                                                                                                                                                                                  • Instruction ID: 910c947aa54cab68d1454282863498990bf65ece09389dda41634826c79499a2
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1c062fd088646d19ef1d8bd4d71c411c976c3123481e9341e85681c4dc346f69
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E6F046B414D3919FC304EF29D29051BFBE0ABD5718F64AA5CE8DA5B212D334C902CB4A
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_760000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 15be5673a4952075455a6c2d450438e7f22dd3e3a56e71dfeee11c81b82dc352
                                                                                                                                                                                                                                  • Instruction ID: 4221bfdb76f2302a91ec53cb795f255603df159352f8dddb589591b8cecf67df
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 15be5673a4952075455a6c2d450438e7f22dd3e3a56e71dfeee11c81b82dc352
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 72F0EDB5688301BAF6348A00DC43F6BB6B49B55B04F311518B344790F0E5E1B959870E
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1454134308.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_400000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: fd5a1a9362cca19039c8d3fa2776169205ee0034e021f5660f97d99573220aa2
                                                                                                                                                                                                                                  • Instruction ID: 26823722f3a6afcc10447d79cbf8b06261be6e3c3bcefc34e32834821d37eed0
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fd5a1a9362cca19039c8d3fa2776169205ee0034e021f5660f97d99573220aa2
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D4F0EDB5A88301BAF6248A00DD43F67B6A89755B04F301519B344790E1E5E1F559870E
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_760000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 130b8f035e0f9caf36d69ffe2fe00e5717c81f35e5d13109d0f780a603360f32
                                                                                                                                                                                                                                  • Instruction ID: 16e366bfcda1da91ff3037e4887da105b982567948ebe207b7daf3bf297ca8d8
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 130b8f035e0f9caf36d69ffe2fe00e5717c81f35e5d13109d0f780a603360f32
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EAF0A735B456808BEB04CF38E82195ABBE2E387324F145A7DD641D3755D639C8018605
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1454134308.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_400000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 130b8f035e0f9caf36d69ffe2fe00e5717c81f35e5d13109d0f780a603360f32
                                                                                                                                                                                                                                  • Instruction ID: fe1efda9bcc16308283c5424634e62067ac2dc8fe4a9505e7820fcb65e305570
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 130b8f035e0f9caf36d69ffe2fe00e5717c81f35e5d13109d0f780a603360f32
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B1F0A735B456808BE704CF38D82155BBBE2E38B324F185A7DD681D3751D639C8018609
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_760000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 7004a593075d1604d820592827f960a74d411a36b63cc4088cdb0a0f645b001a
                                                                                                                                                                                                                                  • Instruction ID: 53056d70057d850fb753533903e3906d7fd408d3f2910e06f3a26fb0967be2bc
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7004a593075d1604d820592827f960a74d411a36b63cc4088cdb0a0f645b001a
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F2D0972488C73AE30E290E1401100BCB7220A03711B0A51E4EEC13FC82CB7ECD071358
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_760000_ZxSWvC0Tz7.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 39f376952ae625b8b9e581a4d9adace311e733e6b5fc1a80656dd2f6c93a6218
• Instruction ID: 979b3066809f2b39c8d4e254b46c6f556eea9d2a5e27a8b6f776bea0b7d6dcb5
• Opcode Fuzzy Hash: 39f376952ae625b8b9e581a4d9adace311e733e6b5fc1a80656dd2f6c93a6218
• Instruction Fuzzy Hash: 1AB002759486418FC644DF18D584974F7F5AB0B211F1564549589E7222D220D8408A19

Memory Dump Source
• Source File: 00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_760000_ZxSWvC0Tz7.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: dbeba292ae877db911bd2f22180c16664a0dc2a699d78ed72cdc2ede8be8a5c3
• Instruction ID: 70204a4f19da818e306c590333116dd845209fb171f96af6639338c1a50bb7b2
• Opcode Fuzzy Hash: dbeba292ae877db911bd2f22180c16664a0dc2a699d78ed72cdc2ede8be8a5c3
• Instruction Fuzzy Hash: 38B00254855145D6D704CF10D905575F270BF43705F10F655A40437160D3B4C248870E

Memory Dump Source
• Source File: 00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_760000_ZxSWvC0Tz7.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 89a247458966beb6ee1323d7209a08a94252eab5608dc6956c606f04d9c1587d
• Instruction ID: 10c72ce3a0ca8e08a8575cf423c81d1ec4165de9f21f41d416b206e48e332a4b
• Opcode Fuzzy Hash: 89a247458966beb6ee1323d7209a08a94252eab5608dc6956c606f04d9c1587d
• Instruction Fuzzy Hash: FDA00239E5C40197CA08CF20A854871E2BA6B5F204FA134288106B7C52D951D500854C

Memory Dump Source
• Source File: 00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_760000_ZxSWvC0Tz7.jbxd
Similarity
• API ID: Clipboard$Global$CloseDataLockLongOpenUnlockWindow
• String ID: ($P$W$]$j$x
• API String ID: 2832541153-1642767450
• Opcode ID: b4901ee308e120f21ffea64ecbaed060110f6934b44995572f39dda3de49c7f5
• Instruction ID: 3fef67551c6638a55dccaa59a9101f5d0b254973b5a565b192e30ab6dd1494ff
• Opcode Fuzzy Hash: b4901ee308e120f21ffea64ecbaed060110f6934b44995572f39dda3de49c7f5
• Instruction Fuzzy Hash: 1541817150C7828ED301EF7C998835FBEE09F8A314F494A7DE8DA86392D6788548D793

Memory Dump Source
• Source File: 00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_760000_ZxSWvC0Tz7.jbxd
Similarity
• API ID: Variant$ClearInit
• String ID: L
• API String ID: 2610073882-2909332022
• Opcode ID: 27f71955ec06eb12b5b306dc881331dba57b9c572ded71c52751796e6aae7b46
• Instruction ID: ede87e6d751c464cf50bb6b8071d781756b95731f4a80d69e5e96701e5f99e5b
• Opcode Fuzzy Hash: 27f71955ec06eb12b5b306dc881331dba57b9c572ded71c52751796e6aae7b46
• Instruction Fuzzy Hash: 81412B7110CBC18ED321DB38845865EBFD16BE6220F188A9CE5F5873E2D6748549CB53

Memory Dump Source
• Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.1454134308.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_ZxSWvC0Tz7.jbxd
Similarity
• API ID: Variant$ClearInit
• String ID: L
• API String ID: 2610073882-2909332022
• Opcode ID: 27f71955ec06eb12b5b306dc881331dba57b9c572ded71c52751796e6aae7b46
• Instruction ID: 6db3269f84c82bd33a71f1d72ed2fa7cb36160b769e4d9c9dbaa52e299ac7a35
• Opcode Fuzzy Hash: 27f71955ec06eb12b5b306dc881331dba57b9c572ded71c52751796e6aae7b46
• Instruction Fuzzy Hash: 40413A7110CBC18ED321DB38844865EBFE16BE6220F588AADE5E5873E2D674854ACB53

Memory Dump Source
• Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.1454134308.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_ZxSWvC0Tz7.jbxd
Similarity
• API ID: MetricsSystem
• String ID:
• API String ID: 4116985748-3916222277
• Opcode ID: c208063e004baaaa8ceb91fa553bdd71456cfb1a6ec307733573892fb2cdbb50
• Instruction ID: c9a1f8c58fc854c7343cd62f2f50c2794f568aca7ada01e3bbf97962732916ca
• Opcode Fuzzy Hash: c208063e004baaaa8ceb91fa553bdd71456cfb1a6ec307733573892fb2cdbb50
• Instruction Fuzzy Hash: BB3183B09143048FDB40EF69E98965EBBF4BB88304F01853EE499DB360D7749948CF86
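The listing above repeats the same function under two memory dumps: the Variant$ClearInit routine has one Opcode ID (27f71955...) in both the PE-backed image at 00400000 and the non-PE region at 00760000, but a different Instruction ID and Instruction Fuzzy Hash in each, which is what relocated code looks like when the opcode sequence is unchanged and only operand bytes differ. The script below is an added triage helper, not part of the Joe Sandbox report or its tooling: it parses records in this listing's format, groups them by Opcode ID so a relocated function is counted once, records which regions each one lives in, and tags the clipboard-reading function that the report's "read the clipboard data" signature refers to. The sample input is transcribed from three records above, keeping only the lines the parser consumes. The base-address field of the .sdmp name is checked against the Offset printed on the same line; treating the next dotted field as the region's page protection is an assumption, and the tag name is hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: three records transcribed from the function listing above
# (the clipboard function at 0x760000, and the two copies of Variant$ClearInit
# found in the private 0x760000 region and in the PE image at 0x400000).
SAMPLE = """\
Memory Dump Source
• Source File: 00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
Similarity
• API ID: Clipboard$Global$CloseDataLockLongOpenUnlockWindow
• String ID: ($P$W$]$j$x
• API String ID: 2832541153-1642767450
• Opcode ID: b4901ee308e120f21ffea64ecbaed060110f6934b44995572f39dda3de49c7f5
• Instruction ID: 3fef67551c6638a55dccaa59a9101f5d0b254973b5a565b192e30ab6dd1494ff
• Opcode Fuzzy Hash: b4901ee308e120f21ffea64ecbaed060110f6934b44995572f39dda3de49c7f5
• Instruction Fuzzy Hash: 1541817150C7828ED301EF7C998835FBEE09F8A314F494A7DE8DA86392D6788548D793
Memory Dump Source
• Source File: 00000001.00000002.1454419961.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
Similarity
• API ID: Variant$ClearInit
• String ID: L
• API String ID: 2610073882-2909332022
• Opcode ID: 27f71955ec06eb12b5b306dc881331dba57b9c572ded71c52751796e6aae7b46
• Instruction ID: ede87e6d751c464cf50bb6b8071d781756b95731f4a80d69e5e96701e5f99e5b
• Opcode Fuzzy Hash: 27f71955ec06eb12b5b306dc881331dba57b9c572ded71c52751796e6aae7b46
• Instruction Fuzzy Hash: 81412B7110CBC18ED321DB38845865EBFD16BE6220F188A9CE5F5873E2D6748549CB53
Memory Dump Source
• Source File: 00000001.00000002.1454134308.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: Variant$ClearInit
• String ID: L
• API String ID: 2610073882-2909332022
• Opcode ID: 27f71955ec06eb12b5b306dc881331dba57b9c572ded71c52751796e6aae7b46
• Instruction ID: 6db3269f84c82bd33a71f1d72ed2fa7cb36160b769e4d9c9dbaa52e299ac7a35
• Opcode Fuzzy Hash: 27f71955ec06eb12b5b306dc881331dba57b9c572ded71c52751796e6aae7b46
• Instruction Fuzzy Hash: 40413A7110CBC18ED321DB38844865EBFE16BE6220F588AADE5E5873E2D674854ACB53
"""

FIELD_RE = re.compile(r"^\s*•\s*([^:]+?):\s*(.*?)\s*$")
SOURCE_RE = re.compile(
    r"(?P<name>\S+\.sdmp), Offset: (?P<offset>[0-9A-Fa-f]+), based on PE: (?P<pe>true|false)")
PAGE_EXECUTE_READWRITE = 0x40  # Win32 page-protection constant


def parse_records(text):
    """One dict per function record; a record starts at 'Memory Dump Source'."""
    records, current = [], None
    for line in text.splitlines():
        if line.strip() == "Memory Dump Source":
            current = {}
            records.append(current)
            continue
        m = FIELD_RE.match(line)
        if current is not None and m:
            current[m.group(1)] = m.group(2)
    return records


def region_info(record):
    """Base address, page protection and PE-backing of the dump a record came from."""
    m = SOURCE_RE.search(record["Source File"])
    fields = m.group("name").split(".")
    base = int(fields[3], 16)            # verifiable: equals the 'Offset' printed on the same line
    assert base == int(m.group("offset"), 16)
    protect = int(fields[4], 16)         # ASSUMPTION: this dotted field is the region's page protection
    return {"base": base, "protect": protect, "pe_backed": m.group("pe") == "true"}


def summarize(text):
    """Group records by Opcode ID so a function relocated between dumps is counted once."""
    groups = defaultdict(list)
    for r in parse_records(text):
        groups[r["Opcode ID"]].append(r)
    out = {}
    for opcode_id, recs in groups.items():
        regions = [region_info(r) for r in recs]
        api_id = recs[0]["API ID"]
        out[opcode_id] = {
            "api_id": api_id,
            "copies": len(recs),
            "bases": sorted(x["base"] for x in regions),
            "rwx": all(x["protect"] == PAGE_EXECUTE_READWRITE for x in regions),
            # True when the same opcode sequence sits in both the PE image and a non-PE region
            "spans_pe_and_private": {x["pe_backed"] for x in regions} == {True, False},
            "instruction_ids": sorted({r["Instruction ID"] for r in recs}),
            # hypothetical tag; mirrors the report's 'read the clipboard data' signature
            "tags": ["clipboard-access"] if "Clipboard" in api_id else [],
        }
    return out


if __name__ == "__main__":
    for oid, s in summarize(SAMPLE).items():
        print(oid[:16], s["api_id"] or "(no API)", [hex(b) for b in s["bases"]],
              s["tags"], "relocated" if s["spans_pe_and_private"] else "")
```

Run it on the full listing (paste the records into SAMPLE or read them from a file) and the Opcode IDs that appear under both a `based on PE: true` dump and a `based on PE: false` dump are the functions carried into the unpacked region; the Instruction ID list shows how many distinct relocations of each were captured.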