Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
4hQFnbWlj8.exe

Overview

General Information

Sample name:4hQFnbWlj8.exe
renamed because original name is a hash value
Original sample name:d0379319a04dc9cfb050269fb99c68d574d11e3b10da6a10b8a984eb6b1324d4.exe
Analysis ID:1587653
MD5:4ce2ce1838b14b0dda1477b7d5c57e9e
SHA1:2a325cbebf2b6e5dc0a86a515673f78a215b8877
SHA256:d0379319a04dc9cfb050269fb99c68d574d11e3b10da6a10b8a984eb6b1324d4
Tags:exeuser-adrian__luca
Infos:

Detection

Vidar
Score:96
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for URL or domain
Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected Vidar stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Contains functionality to inject code into remote processes
Injects a PE file into a foreign processes
Machine Learning detection for sample
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Extensive use of GetProcAddress (often used to hide API calls)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

  • System is w10x64
  • 4hQFnbWlj8.exe (PID: 7448 cmdline: "C:\Users\user\Desktop\4hQFnbWlj8.exe" MD5: 4CE2CE1838B14B0DDA1477B7D5C57E9E)
    • conhost.exe (PID: 7456 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • 4hQFnbWlj8.exe (PID: 7520 cmdline: "C:\Users\user\Desktop\4hQFnbWlj8.exe" MD5: 4CE2CE1838B14B0DDA1477B7D5C57E9E)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
VidarVidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.vidar

Malware Configuration

Threatname: Vidar

{"C2 url": "https://steamcommunity.com/", "Botnet": "87"}

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
Process Memory Space: 4hQFnbWlj8.exe PID: 7520JoeSecurity_Vidar_1Yara detected Vidar stealerJoe Security

    Sigma Signatures

    No Sigma rule has matched

    Suricata Signatures

    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2025-01-10T16:24:45.367484+010020287653Unknown Traffic192.168.2.45001595.217.25.228443TCP
    2025-01-10T16:25:19.902408+010020287653Unknown Traffic192.168.2.44973795.217.25.228443TCP
    2025-01-10T16:25:54.276605+010020287653Unknown Traffic192.168.2.44974195.217.25.228443TCP
    2025-01-10T16:26:28.523577+010020287653Unknown Traffic192.168.2.44984795.217.25.228443TCP

    Joe Sandbox Signatures

    Click to jump to signature section

    Show All Signature Results

    AV Detection

    barindex
    Antivirus detection for URL or domain
    Source: https://95.217.25.228/Avira URL Cloud: Label: malware
    Source: https://95.217.25.228/rosoftAvira URL Cloud: Label: malware
    Source: https://95.217.25.228Avira URL Cloud: Label: malware
    Source: https://95.217.25.228/rpriseCertificatesAvira URL Cloud: Label: malware
    Source: https://95.217.25.228/wsAvira URL Cloud: Label: malware
    Source: https://95.217.25.228/pmAvira URL Cloud: Label: malware
    Source: https://95.217.25.228/WAvira URL Cloud: Label: malware
    Source: https://95.217.25.228/(cAvira URL Cloud: Label: malware
    Source: https://95.217.25.228/pAvira URL Cloud: Label: malware
    Found malware configuration
    Source: 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmpMalware Configuration Extractor: Vidar {"C2 url": "https://steamcommunity.com/", "Botnet": "87"}
    Multi AV Scanner detection for submitted file
    Source: 4hQFnbWlj8.exeVirustotal: Detection: 76%Perma Link
    Source: 4hQFnbWlj8.exeReversingLabs: Detection: 71%
    AI detected suspicious sample
    Source: Submited SampleIntegrated Neural Analysis Model: Matched 99.3% probability
    Machine Learning detection for sample
    Source: 4hQFnbWlj8.exeJoe Sandbox ML: detected
    Source: 4hQFnbWlj8.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
    Source: unknownHTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.4:49735 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.4:49736 version: TLS 1.2
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008C361F FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_008C361F

    Networking

    barindex
    C2 URLs / IPs found in malware configuration
    Source: Malware configuration extractorURLs: https://steamcommunity.com/
    Source: global trafficHTTP traffic detected: GET /gv4dlp HTTP/1.1Host: t.meConnection: Keep-AliveCache-Control: no-cache
    Source: global trafficHTTP traffic detected: GET /profiles/76561199803837316 HTTP/1.1Host: steamcommunity.comConnection: Keep-AliveCache-Control: no-cache
    Source: global trafficHTTP traffic detected: GET /gv4dlp HTTP/1.1Host: t.meConnection: Keep-AliveCache-Control: no-cacheCookie: stel_ssid=c5ae06305a26fe3b1d_2771885071072910065
    Source: global trafficHTTP traffic detected: GET /profiles/76561199803837316 HTTP/1.1Host: steamcommunity.comConnection: Keep-AliveCache-Control: no-cacheCookie: sessionid=da5101e589816dbc6a430faa; steamCountry=US%7C185ce35c568ebbb18a145d0cabae7186
    Source: global trafficHTTP traffic detected: GET /gv4dlp HTTP/1.1Host: t.meConnection: Keep-AliveCache-Control: no-cacheCookie: stel_ssid=c5ae06305a26fe3b1d_2771885071072910065
    Source: global trafficHTTP traffic detected: GET /profiles/76561199803837316 HTTP/1.1Host: steamcommunity.comConnection: Keep-AliveCache-Control: no-cacheCookie: sessionid=da5101e589816dbc6a430faa; steamCountry=US%7C185ce35c568ebbb18a145d0cabae7186
    Source: global trafficHTTP traffic detected: GET /gv4dlp HTTP/1.1Host: t.meConnection: Keep-AliveCache-Control: no-cacheCookie: stel_ssid=c5ae06305a26fe3b1d_2771885071072910065
    Source: global trafficHTTP traffic detected: GET /gv4dlp HTTP/1.1Host: t.meConnection: Keep-AliveCache-Control: no-cacheCookie: stel_ssid=c5ae06305a26fe3b1d_2771885071072910065
    Source: global trafficHTTP traffic detected: GET /profiles/76561199803837316 HTTP/1.1Host: steamcommunity.comConnection: Keep-AliveCache-Control: no-cacheCookie: sessionid=da5101e589816dbc6a430faa; steamCountry=US%7C185ce35c568ebbb18a145d0cabae7186
    Source: Joe Sandbox ViewIP Address: 104.102.49.254 104.102.49.254
    Source: Joe Sandbox ViewIP Address: 149.154.167.99 149.154.167.99
    Source: Joe Sandbox ViewIP Address: 149.154.167.99 149.154.167.99
    Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
    Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49737 -> 95.217.25.228:443
    Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49741 -> 95.217.25.228:443
    Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49847 -> 95.217.25.228:443
    Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:50015 -> 95.217.25.228:443
    Source: unknownTCP traffic detected without corresponding DNS query: 95.217.25.228
    Source: unknownTCP traffic detected without corresponding DNS query: 95.217.25.228
    Source: unknownTCP traffic detected without corresponding DNS query: 95.217.25.228
    Source: unknownTCP traffic detected without corresponding DNS query: 95.217.25.228
    Source: unknownTCP traffic detected without corresponding DNS query: 95.217.25.228
    Source: unknownTCP traffic detected without corresponding DNS query: 95.217.25.228
    Source: unknownTCP traffic detected without corresponding DNS query: 95.217.25.228
    Source: unknownTCP traffic detected without corresponding DNS query: 95.217.25.228
    Source: unknownTCP traffic detected without corresponding DNS query: 95.217.25.228
    Source: unknownTCP traffic detected without corresponding DNS query: 95.217.25.228
    Source: unknownTCP traffic detected without corresponding DNS query: 95.217.25.228
    Source: unknownTCP traffic detected without corresponding DNS query: 95.217.25.228
    Source: unknownTCP traffic detected without corresponding DNS query: 95.217.25.228
    Source: unknownTCP traffic detected without corresponding DNS query: 95.217.25.228
    Source: unknownTCP traffic detected without corresponding DNS query: 95.217.25.228
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_00418B3F InternetReadFile,2_2_00418B3F
    Source: global trafficHTTP traffic detected: GET /gv4dlp HTTP/1.1Host: t.meConnection: Keep-AliveCache-Control: no-cache
    Source: global trafficHTTP traffic detected: GET /profiles/76561199803837316 HTTP/1.1Host: steamcommunity.comConnection: Keep-AliveCache-Control: no-cache
    Source: global trafficHTTP traffic detected: GET /gv4dlp HTTP/1.1Host: t.meConnection: Keep-AliveCache-Control: no-cacheCookie: stel_ssid=c5ae06305a26fe3b1d_2771885071072910065
    Source: global trafficHTTP traffic detected: GET /profiles/76561199803837316 HTTP/1.1Host: steamcommunity.comConnection: Keep-AliveCache-Control: no-cacheCookie: sessionid=da5101e589816dbc6a430faa; steamCountry=US%7C185ce35c568ebbb18a145d0cabae7186
    Source: global trafficHTTP traffic detected: GET /gv4dlp HTTP/1.1Host: t.meConnection: Keep-AliveCache-Control: no-cacheCookie: stel_ssid=c5ae06305a26fe3b1d_2771885071072910065
    Source: global trafficHTTP traffic detected: GET /profiles/76561199803837316 HTTP/1.1Host: steamcommunity.comConnection: Keep-AliveCache-Control: no-cacheCookie: sessionid=da5101e589816dbc6a430faa; steamCountry=US%7C185ce35c568ebbb18a145d0cabae7186
    Source: global trafficHTTP traffic detected: GET /gv4dlp HTTP/1.1Host: t.meConnection: Keep-AliveCache-Control: no-cacheCookie: stel_ssid=c5ae06305a26fe3b1d_2771885071072910065
    Source: global trafficHTTP traffic detected: GET /gv4dlp HTTP/1.1Host: t.meConnection: Keep-AliveCache-Control: no-cacheCookie: stel_ssid=c5ae06305a26fe3b1d_2771885071072910065
    Source: global trafficHTTP traffic detected: GET /profiles/76561199803837316 HTTP/1.1Host: steamcommunity.comConnection: Keep-AliveCache-Control: no-cacheCookie: sessionid=da5101e589816dbc6a430faa; steamCountry=US%7C185ce35c568ebbb18a145d0cabae7186
    Source: 4hQFnbWlj8.exe, 00000002.00000003.2418522272.00000000012CF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: .net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
    Source: 4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steam equals www.youtube.com (Youtube)
    Source: 4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steam@- equals www.youtube.com (Youtube)
    Source: 4hQFnbWlj8.exe, 00000002.00000002.2986976548.0000000001245000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
    Source: 4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: cha/ https://www.youtube.com/ https://s.ytimg.co equals www.youtube.com (Youtube)
    Source: 4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
    Source: global trafficDNS traffic detected: DNS query: t.me
    Source: global trafficDNS traffic detected: DNS query: steamcommunity.com
    Source: 4hQFnbWlj8.exe, 00000002.00000003.2418522272.00000000012CF000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.1752486749.00000000012C9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986976548.0000000001245000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://127.0.0.1:27060
    Source: 4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986208946.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2987286906.0000000001310000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2770305100.00000000012E9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2418497427.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2097089381.00000000012DB000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2780593213.00000000012EB000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drString found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
    Source: 4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986208946.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2987286906.0000000001310000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986805113.0000000000F33000.00000004.00000010.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2770305100.00000000012E9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2418497427.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2097089381.00000000012DB000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2780593213.00000000012EB000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drString found in binary or memory: http://store.steampowered.com/privacy_agreement/
    Source: 4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986208946.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2987286906.0000000001310000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2770305100.00000000012E9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2418497427.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2097089381.00000000012DB000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2780593213.00000000012EB000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drString found in binary or memory: http://store.steampowered.com/subscriber_agreement/
    Source: 4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986208946.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2987286906.0000000001310000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2440031641.00000000012E4000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2793673032.00000000012FE000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2770305100.00000000012E9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2418497427.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2097089381.00000000012DB000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.1752486749.00000000012C2000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2780593213.00000000012EB000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drString found in binary or memory: http://www.valvesoftware.com/legal.htm
    Source: 76561199803837316[1].htm.2.drString found in binary or memory: https://95.217.25.228
    Source: 4hQFnbWlj8.exe, 00000002.00000002.2986976548.0000000001288000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2418497427.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986976548.0000000001259000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://95.217.25.228/
    Source: 4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://95.217.25.228/(c
    Source: 4hQFnbWlj8.exe, 00000002.00000002.2986976548.0000000001288000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://95.217.25.228/-
    Source: 4hQFnbWlj8.exe, 00000002.00000002.2986976548.0000000001218000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://95.217.25.228/W
    Source: 4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://95.217.25.228/ZjN4
    Source: 4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://95.217.25.228/p
    Source: 4hQFnbWlj8.exe, 00000002.00000002.2986976548.0000000001259000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://95.217.25.228/pm
    Source: 4hQFnbWlj8.exe, 00000002.00000002.2986976548.0000000001259000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://95.217.25.228/rosoft
    Source: 4hQFnbWlj8.exe, 00000002.00000002.2986976548.0000000001259000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://95.217.25.228/rpriseCertificates
    Source: 4hQFnbWlj8.exe, 00000002.00000002.2986976548.0000000001259000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://95.217.25.228/ws
    Source: 4hQFnbWlj8.exe, 00000002.00000002.2986976548.0000000001245000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.steampowered.com/
    Source: 76561199803837316[1].htm.2.drString found in binary or memory: https://avatars.cloudflare.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg
    Source: 4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://broadcast.st.dl.ecc
    Source: 4hQFnbWlj8.exe, 00000002.00000003.2418522272.00000000012CF000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.1752486749.00000000012C9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986976548.0000000001245000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://broadcast.st.dl.eccdnx.com
    Source: 4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.cloudflare.steamstatic.com/stea
    Source: 4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2418522272.00000000012CF000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.1752486749.00000000012C9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986976548.0000000001245000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/
    Source: 4hQFnbWlj8.exe, 00000002.00000002.2986976548.0000000001245000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://checkout.steampowered.com/
    Source: 4hQFnbWlj8.exe, 00000002.00000002.2986208946.000000000047B000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflar
    Source: 4hQFnbWlj8.exe, 00000002.00000002.2986208946.000000000047B000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflar/economy.js?v=nWrdv801aW2D&l=english&_cdn=cloudflare
    Source: 4hQFnbWlj8.exe, 00000002.00000002.2986208946.000000000047B000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflar4dlp
    Source: 4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.stea
    Source: 4hQFnbWlj8.exe, 00000002.00000002.2986976548.0000000001245000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/
    Source: 4hQFnbWlj8.exe, 00000002.00000002.2986208946.000000000047B000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/applications/community
    Source: 4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986208946.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2987286906.0000000001310000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2440031641.00000000012E4000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2793673032.00000000012FE000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2770305100.00000000012E9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2418497427.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2097089381.00000000012DB000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.1752486749.00000000012C2000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2780593213.00000000012EB000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/applications/community/main.css?v=3CSOZ0Rac3
    Source: 4hQFnbWlj8.exe, 00000002.00000002.2986208946.000000000047B000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/applications/communityEN_URL":"htt
    Source: 4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986208946.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2987286906.0000000001310000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2770305100.00000000012E9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2418497427.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2780593213.00000000012EB000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/globalv2.css?v=i_iuPUaT8LXN&l=english&am
    Source: 4hQFnbWlj8.exe, 00000002.00000002.2986208946.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2987286906.0000000001310000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2770305100.00000000012E9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2418497427.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2780593213.00000000012EB000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/promo/summer2017/stickers.css?v=INiZALwvDIbb
    Source: 4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986208946.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2987286906.0000000001310000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2770305100.00000000012E9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2418497427.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2780593213.00000000012EB000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/skin_1/header.css?v=EZbG2DEumYDH&l=engli
    Source: 4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986208946.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2987286906.0000000001310000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2770305100.00000000012E9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2418497427.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2780593213.00000000012EB000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/skin_1/modalContent.css?v=WXAusLHclDIt&l
    Source: 4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986208946.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2987286906.0000000001310000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2770305100.00000000012E9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2418497427.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2780593213.00000000012EB000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/skin_1/profilev2.css?v=l1VAyDrxeeyo&l=en
    Source: 4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986208946.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2987286906.0000000001310000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2440031641.00000000012E4000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2793673032.00000000012FE000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2770305100.00000000012E9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2418497427.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2097089381.00000000012DB000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.1752486749.00000000012C2000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2780593213.00000000012EB000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
    Source: 4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986208946.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2987286906.0000000001310000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2440031641.00000000012E4000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986805113.0000000000F33000.00000004.00000010.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2793673032.00000000012FE000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2770305100.00000000012E9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2418497427.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2097089381.00000000012DB000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.1752486749.00000000012C2000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2780593213.00000000012EB000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
    Source: 4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986208946.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2987286906.0000000001310000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2440031641.00000000012E4000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2793673032.00000000012FE000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2770305100.00000000012E9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2418497427.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2097089381.00000000012DB000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.1752486749.00000000012C2000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2780593213.00000000012EB000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/applications/community/libraries~b28b
    Source: 4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986208946.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2987286906.0000000001310000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2440031641.00000000012E4000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2793673032.00000000012FE000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2770305100.00000000012E9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2418497427.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2097089381.00000000012DB000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.1752486749.00000000012C2000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2780593213.00000000012EB000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/applications/community/main.js?v=M_FU
    Source: 4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986208946.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2987286906.0000000001310000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2440031641.00000000012E4000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2793673032.00000000012FE000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2770305100.00000000012E9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2418497427.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2097089381.00000000012DB000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.1752486749.00000000012C2000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2780593213.00000000012EB000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/applications/community/manifest.js?v=
    Source: 4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986208946.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2987286906.0000000001310000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2770305100.00000000012E9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2418497427.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2780593213.00000000012EB000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/global.js?v=3W_ge11SZngF&l=englis
    Source: 4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986208946.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2987286906.0000000001310000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2770305100.00000000012E9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2418497427.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2780593213.00000000012EB000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=gQHVlrK4-jX-&a
    Source: 4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986208946.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2987286906.0000000001310000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2770305100.00000000012E9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2418497427.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2780593213.00000000012EB000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/modalContent.js?v=XfYrwi9zUC4b&l=
    Source: 4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986208946.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2987286906.0000000001310000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2770305100.00000000012E9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2418497427.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2780593213.00000000012EB000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/modalv2.js?v=zBXEuexVQ0FZ&l=engli
    Source: 4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986208946.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2987286906.0000000001310000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2770305100.00000000012E9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2418497427.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2780593213.00000000012EB000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/profile.js?v=47omfdMZRDiz&l=engli
    Source: 4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986208946.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2987286906.0000000001310000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2770305100.00000000012E9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2418497427.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2780593213.00000000012EB000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/promo/stickers.js?v=iGFW_JMULCcZ&
    Source: 4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986208946.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2987286906.0000000001310000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2770305100.00000000012E9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2418497427.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2780593213.00000000012EB000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&l
    Source: 4hQFnbWlj8.exe, 00000002.00000002.2986208946.000000000047B000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/reporte
    Source: 4hQFnbWlj8.exe, 00000002.00000002.2986208946.000000000047B000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/reporte.518
    Source: 4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986208946.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2987286906.0000000001310000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2770305100.00000000012E9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2418497427.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2780593213.00000000012EB000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/reportedcontent.js?v=-lZqrarogJr8&amp
    Source: 4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986208946.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2987286906.0000000001310000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2770305100.00000000012E9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2418497427.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2780593213.00000000012EB000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcD
    Source: 4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986208946.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2987286906.0000000001310000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2770305100.00000000012E9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2418497427.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2780593213.00000000012EB000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/webui/clientcom.js?v=VsdTzPa1YF_Y&amp
    Source: 4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986208946.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2987286906.0000000001310000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2770305100.00000000012E9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2418497427.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2780593213.00000000012EB000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/css/buttons.css?v=G3UTKgHH4xLD&l=engl
    Source: 76561199803837316[1].htm.2.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/css/motiva_sans.css?v=nc69vwog8R9p&l=
    Source: 4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986208946.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2987286906.0000000001310000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2770305100.00000000012E9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2418497427.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2780593213.00000000012EB000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/css/shared_global.css?v=sd6kCnGQW5Ji&
    Source: 4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986208946.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2987286906.0000000001310000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2770305100.00000000012E9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2418497427.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2780593213.00000000012EB000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/css/shared_responsive.css?v=n4_f9JKDa7wP&
    Source: 4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986208946.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2987286906.0000000001310000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2440031641.00000000012E4000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2793673032.00000000012FE000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2770305100.00000000012E9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2418497427.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2097089381.00000000012DB000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.1752486749.00000000012C2000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2780593213.00000000012EB000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
    Source: 4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986208946.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2987286906.0000000001310000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2440031641.00000000012E4000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2793673032.00000000012FE000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2770305100.00000000012E9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2418497427.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2097089381.00000000012DB000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.1752486749.00000000012C2000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2780593213.00000000012EB000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_logo.png
    Source: 4hQFnbWlj8.exe, 00000002.00000002.2986208946.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2987286906.0000000001310000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2440031641.00000000012E4000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2793673032.00000000012FE000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2770305100.00000000012E9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2418497427.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2097089381.00000000012DB000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.1752486749.00000000012C2000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2780593213.00000000012EB000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.p
    Source: 4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986208946.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2987286906.0000000001310000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2440031641.00000000012E4000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2793673032.00000000012FE000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2770305100.00000000012E9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2418497427.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2097089381.00000000012DB000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.1752486749.00000000012C2000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2780593213.00000000012EB000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
    Source: 4hQFnbWlj8.exe, 00000002.00000002.2986208946.000000000047B000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/javasc
    Source: 4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986208946.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2987286906.0000000001310000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2770305100.00000000012E9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2418497427.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2780593213.00000000012EB000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/javascript/auth_refresh.js?v=w6QbwI-5-j2S
    Source: 4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986208946.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2987286906.0000000001310000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2770305100.00000000012E9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2418497427.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2780593213.00000000012EB000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_global.js?v=0y-Qdz9keFm
    Source: 4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986208946.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2987286906.0000000001310000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2770305100.00000000012E9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2418497427.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2780593213.00000000012EB000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v
    Source: 4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986208946.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2987286906.0000000001310000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2770305100.00000000012E9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2418497427.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2780593213.00000000012EB000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&
    Source: 4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampower
    Source: 4hQFnbWlj8.exe, 00000002.00000002.2986976548.0000000001245000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/
    Source: 4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986208946.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2987286906.0000000001310000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2440031641.00000000012E4000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2793673032.00000000012FE000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2770305100.00000000012E9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2418497427.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2097089381.00000000012DB000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.1752486749.00000000012C2000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2780593213.00000000012EB000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drString found in binary or memory: https://help.steampowered.com/en/
    Source: 4hQFnbWlj8.exe, 00000002.00000002.2986976548.0000000001245000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.steampowered.com/
    Source: 4hQFnbWlj8.exe, 00000002.00000003.2418522272.00000000012CF000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.1752486749.00000000012C9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986976548.0000000001245000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lv.queniujq.cn
    Source: 4hQFnbWlj8.exe, 00000002.00000003.2418522272.00000000012CF000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.1752486749.00000000012C9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986976548.0000000001245000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://medal.tv
    Source: 4hQFnbWlj8.exe, 00000002.00000003.2418522272.00000000012CF000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.1752486749.00000000012C9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986976548.0000000001245000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://player.vimeo.com
    Source: 4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2418522272.00000000012CF000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.1752486749.00000000012C9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986976548.0000000001245000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net
    Source: 4hQFnbWlj8.exe, 00000002.00000003.2418522272.00000000012CF000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.1752486749.00000000012C9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986976548.0000000001245000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net/recaptcha/;
    Source: 4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://s.ytimg.co
    Source: 4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2418522272.00000000012CF000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.1752486749.00000000012C9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986976548.0000000001245000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://s.ytimg.com;
    Source: 4hQFnbWlj8.exe, 00000002.00000003.2418522272.00000000012CF000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.1752486749.00000000012C9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986976548.0000000001245000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sketchfab.com
    Source: 4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2418522272.00000000012CF000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.1752486749.00000000012C9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986976548.0000000001245000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steam.tv/
    Source: 4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2418522272.00000000012CF000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.1752486749.00000000012C9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986976548.0000000001245000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast-test.akamaized.net
    Source: 4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2418522272.00000000012CF000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.1752486749.00000000012C9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986976548.0000000001245000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast.akamaized.net
    Source: 4hQFnbWlj8.exe, 00000002.00000003.2418522272.00000000012CF000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.1752486749.00000000012C9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986976548.0000000001245000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcastchat.akamaized.net
    Source: 4hQFnbWlj8.exe, 00000002.00000002.2986976548.0000000001305000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2793673032.0000000001305000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.c
    Source: 76561199803837316[1].htm.2.drString found in binary or memory: https://steamcommunity.com/
    Source: 4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986208946.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2987286906.0000000001310000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2440031641.00000000012E4000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2793673032.00000000012FE000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2770305100.00000000012E9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2418497427.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2097089381.00000000012DB000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.1752486749.00000000012C2000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2780593213.00000000012EB000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drString found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
    Source: 4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986208946.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2987286906.0000000001310000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2440031641.00000000012E4000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2793673032.00000000012FE000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2770305100.00000000012E9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2418497427.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2097089381.00000000012DB000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.1752486749.00000000012C2000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2780593213.00000000012EB000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drString found in binary or memory: https://steamcommunity.com/discussions/
    Source: 4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986208946.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2987286906.0000000001310000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986805113.0000000000F33000.00000004.00000010.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2770305100.00000000012E9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2418497427.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2097089381.00000000012DB000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2780593213.00000000012EB000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drString found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
    Source: 76561199803837316[1].htm.2.drString found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199803837316
    Source: 4hQFnbWlj8.exe, 00000002.00000003.2440031641.00000000012E4000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2097089381.00000000012DB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/mark
    Source: 4hQFnbWlj8.exe, 00000002.00000003.2793673032.00000000012FE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/mark2
    Source: 4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986208946.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2987286906.0000000001310000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2440031641.00000000012E4000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2793673032.00000000012FE000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2770305100.00000000012E9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2418497427.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2097089381.00000000012DB000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.1752486749.00000000012C2000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2780593213.00000000012EB000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drString found in binary or memory: https://steamcommunity.com/market/
    Source: 4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986208946.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2987286906.0000000001310000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2440031641.00000000012E4000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2793673032.00000000012FE000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2770305100.00000000012E9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2418497427.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2097089381.00000000012DB000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.1752486749.00000000012C2000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2780593213.00000000012EB000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drString found in binary or memory: https://steamcommunity.com/my/wishlist/
    Source: 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986208946.0000000000400000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2780593213.00000000012EB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199803837316
    Source: 4hQFnbWlj8.exe, 00000002.00000002.2986976548.0000000001288000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199803837316&
    Source: 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199803837316)
    Source: 4hQFnbWlj8.exe, 00000002.00000002.2986208946.000000000047B000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199803837316-8
    Source: 4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986208946.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2097413487.00000000012D7000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2987286906.0000000001310000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2770305100.00000000012E9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2418497427.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2780593213.00000000012EB000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drString found in binary or memory: https://steamcommunity.com/profiles/76561199803837316/badges
    Source: 4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986208946.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2987286906.0000000001310000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2440031641.00000000012E4000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2770305100.00000000012E9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2418497427.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2097089381.00000000012DB000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2780593213.00000000012EB000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drString found in binary or memory: https://steamcommunity.com/profiles/76561199803837316/inventory/
    Source: 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/765611998038373161
    Source: 4hQFnbWlj8.exe, 00000002.00000002.2986208946.0000000000400000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199803837316g88paMozilla/5.0
    Source: 4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986208946.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2987286906.0000000001310000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2440031641.00000000012E4000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2793673032.00000000012FE000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2770305100.00000000012E9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2418497427.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2097089381.00000000012DB000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.1752486749.00000000012C2000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2780593213.00000000012EB000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drString found in binary or memory: https://steamcommunity.com/workshop/
    Source: 4hQFnbWlj8.exe, 00000002.00000002.2986805113.0000000000F33000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: https://store.steamp
    Source: 4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowere
    Source: 76561199803837316[1].htm.2.drString found in binary or memory: https://store.steampowered.com/
    Source: 4hQFnbWlj8.exe, 00000002.00000003.2418522272.00000000012CF000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.1752486749.00000000012C9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986976548.0000000001245000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/;
    Source: 76561199803837316[1].htm.2.drString found in binary or memory: https://store.steampowered.com/about/
    Source: 4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986208946.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2987286906.0000000001310000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2440031641.00000000012E4000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2793673032.00000000012FE000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2770305100.00000000012E9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2418497427.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2097089381.00000000012DB000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.1752486749.00000000012C2000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2780593213.00000000012EB000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drString found in binary or memory: https://store.steampowered.com/explore/
    Source: 4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986208946.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2987286906.0000000001310000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2770305100.00000000012E9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2418497427.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2097089381.00000000012DB000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2780593213.00000000012EB000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drString found in binary or memory: https://store.steampowered.com/legal/
    Source: 4hQFnbWlj8.exe, 00000002.00000002.2986208946.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2987286906.0000000001310000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2440031641.00000000012E4000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2793673032.00000000012FE000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2770305100.00000000012E9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2418497427.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2097089381.00000000012DB000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.1752486749.00000000012C2000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2780593213.00000000012EB000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drString found in binary or memory: https://store.steampowered.com/mobile
    Source: 4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986208946.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2987286906.0000000001310000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2440031641.00000000012E4000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2793673032.00000000012FE000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2770305100.00000000012E9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2418497427.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2097089381.00000000012DB000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.1752486749.00000000012C2000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2780593213.00000000012EB000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drString found in binary or memory: https://store.steampowered.com/news/
    Source: 4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986208946.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2987286906.0000000001310000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2440031641.00000000012E4000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2793673032.00000000012FE000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2770305100.00000000012E9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2418497427.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2097089381.00000000012DB000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.1752486749.00000000012C2000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2780593213.00000000012EB000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drString found in binary or memory: https://store.steampowered.com/points/shop/
    Source: 4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986208946.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2987286906.0000000001310000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2440031641.00000000012E4000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2793673032.00000000012FE000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2770305100.00000000012E9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2418497427.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2097089381.00000000012DB000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.1752486749.00000000012C2000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2780593213.00000000012EB000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drString found in binary or memory: https://store.steampowered.com/privacy_agreement/
    Source: 4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986208946.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2987286906.0000000001310000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2440031641.00000000012E4000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2793673032.00000000012FE000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2770305100.00000000012E9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2418497427.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2097089381.00000000012DB000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.1752486749.00000000012C2000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2780593213.00000000012EB000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drString found in binary or memory: https://store.steampowered.com/stats/
    Source: 4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986208946.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2987286906.0000000001310000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2440031641.00000000012E4000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2793673032.00000000012FE000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2770305100.00000000012E9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2418497427.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2097089381.00000000012DB000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.1752486749.00000000012C2000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2780593213.00000000012EB000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drString found in binary or memory: https://store.steampowered.com/steam_refunds/
    Source: 4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986208946.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2987286906.0000000001310000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2440031641.00000000012E4000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2793673032.00000000012FE000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2770305100.00000000012E9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2418497427.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2097089381.00000000012DB000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.1752486749.00000000012C2000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2780593213.00000000012EB000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drString found in binary or memory: https://store.steampowered.com/subscriber_agreement/
    Source: 4hQFnbWlj8.exe, 00000002.00000002.2986976548.0000000001259000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/
    Source: 4hQFnbWlj8.exe, 00000002.00000002.2986976548.0000000001259000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/7nE4
    Source: 4hQFnbWlj8.exe, 00000002.00000002.2986208946.000000000047B000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://t.me/g
    Source: 4hQFnbWlj8.exe, 00000002.00000003.2780593213.00000000012EB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/gv4dlp
    Source: 4hQFnbWlj8.exe, 00000002.00000002.2986976548.0000000001218000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/gv4dlp$
    Source: 4hQFnbWlj8.exe, 00000002.00000002.2986208946.0000000000400000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://t.me/gv4dlpg88paMozilla/5.0
    Source: 4hQFnbWlj8.exe, 00000002.00000003.2780593213.00000000012EB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://telegram.org/img/t_logo_2x.png
    Source: 4hQFnbWlj8.exe, 00000002.00000003.1739187508.000000000128B000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986976548.0000000001259000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2780593213.00000000012EB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://web.telegram.org
    Source: 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://web.telegram.orgU
    Source: 4hQFnbWlj8.exe, 00000002.00000003.2418522272.00000000012CF000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.1752486749.00000000012C9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986976548.0000000001245000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
    Source: 4hQFnbWlj8.exe, 00000002.00000002.2986976548.0000000001245000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/recaptcha/
    Source: 4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2418522272.00000000012CF000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.1752486749.00000000012C9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986976548.0000000001245000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.cn/recaptcha/
    Source: 4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.co
    Source: 4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2418522272.00000000012CF000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.1752486749.00000000012C9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986976548.0000000001245000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/recaptcha/
    Source: 4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986208946.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2987286906.0000000001310000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2770305100.00000000012E9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2418497427.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2780593213.00000000012EB000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drString found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
    Source: 4hQFnbWlj8.exe, 00000002.00000003.2418522272.00000000012CF000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.1752486749.00000000012C9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986976548.0000000001245000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com
    Source: 4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2418522272.00000000012CF000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.1752486749.00000000012C9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986976548.0000000001245000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/
    Source: unknownNetwork traffic detected: HTTP traffic on port 50013 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49741
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49740
    Source: unknownNetwork traffic detected: HTTP traffic on port 50015 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50012
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50014
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50013
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50015
    Source: unknownNetwork traffic detected: HTTP traffic on port 49831 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49739
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49837
    Source: unknownNetwork traffic detected: HTTP traffic on port 49847 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49737
    Source: unknownNetwork traffic detected: HTTP traffic on port 49736 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49736
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49735
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49831
    Source: unknownNetwork traffic detected: HTTP traffic on port 50012 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49837 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 50014 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49847
    Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
    Source: unknownHTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.4:49735 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.4:49736 version: TLS 1.2
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_0083A3300_2_0083A330
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_0087E3400_2_0087E340
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008A33400_2_008A3340
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008624E00_2_008624E0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_0083C5A00_2_0083C5A0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008AB8500_2_008AB850
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008AD9C00_2_008AD9C0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008ADB800_2_008ADB80
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008ACB500_2_008ACB50
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008A6CD00_2_008A6CD0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_00884DA00_2_00884DA0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_00852ED00_2_00852ED0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008940A00_2_008940A0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008770B00_2_008770B0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008530C00_2_008530C0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_0085F0E00_2_0085F0E0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008520E00_2_008520E0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008960E00_2_008960E0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008310000_2_00831000
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008910200_2_00891020
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008440500_2_00844050
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_0087C0500_2_0087C050
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008610600_2_00861060
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_0087D0700_2_0087D070
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008900700_2_00890070
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_0083D1800_2_0083D180
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_0086D1900_2_0086D190
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_0088E1A00_2_0088E1A0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008601B00_2_008601B0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_0084E1C00_2_0084E1C0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008B21C00_2_008B21C0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008801E00_2_008801E0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008AE1E00_2_008AE1E0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_0085D1F00_2_0085D1F0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008691F00_2_008691F0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008481000_2_00848100
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008571000_2_00857100
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008411100_2_00841110
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008991100_2_00899110
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008C61220_2_008C6122
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008401300_2_00840130
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_0086B1400_2_0086B140
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_0084F1500_2_0084F150
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_0087E1500_2_0087E150
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008AF1500_2_008AF150
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_0086E1600_2_0086E160
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008882900_2_00888290
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008762E00_2_008762E0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008632000_2_00863200
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_0087A2200_2_0087A220
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_0086F2300_2_0086F230
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_0084D2400_2_0084D240
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008892400_2_00889240
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008552500_2_00855250
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008862500_2_00886250
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008682600_2_00868260
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008532700_2_00853270
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008872700_2_00887270
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008833800_2_00883380
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008803800_2_00880380
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008983900_2_00898390
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_0089E3A00_2_0089E3A0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008603C00_2_008603C0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008A73C00_2_008A73C0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008593D00_2_008593D0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_0089A3D00_2_0089A3D0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008AC3E00_2_008AC3E0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008B73E00_2_008B73E0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008B63F00_2_008B63F0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008CB30E0_2_008CB30E
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008663200_2_00866320
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008AF3200_2_008AF320
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_0089C3400_2_0089C340
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008723500_2_00872350
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008823500_2_00882350
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_0088D3500_2_0088D350
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_0089D3500_2_0089D350
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008A03600_2_008A0360
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_0086F4800_2_0086F480
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_0085B4900_2_0085B490
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_0087D4900_2_0087D490
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008A24B00_2_008A24B0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_0087C4C00_2_0087C4C0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008AF4D00_2_008AF4D0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008644000_2_00864400
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_0087F4000_2_0087F400
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008A44000_2_008A4400
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008484200_2_00848420
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_0087A4200_2_0087A420
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008534300_2_00853430
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008884400_2_00888440
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008AD4400_2_008AD440
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_0084D4700_2_0084D470
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008784700_2_00878470
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_0089F4700_2_0089F470
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008924700_2_00892470
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008465900_2_00846590
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008945B00_2_008945B0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008705D00_2_008705D0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008855D00_2_008855D0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008B05E00_2_008B05E0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008AD5F00_2_008AD5F0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_0085A5000_2_0085A500
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008B25100_2_008B2510
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_0087B5300_2_0087B530
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008A05400_2_008A0540
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008965500_2_00896550
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_0086B5600_2_0086B560
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008585700_2_00858570
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_0085E5700_2_0085E570
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_0089E5700_2_0089E570
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008B56800_2_008B5680
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008456900_2_00845690
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008546900_2_00854690
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008846900_2_00884690
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_0086A6B00_2_0086A6B0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008646B00_2_008646B0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008906C00_2_008906C0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008B46D00_2_008B46D0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008596E00_2_008596E0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_0088A6F00_2_0088A6F0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_0089C6F00_2_0089C6F0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008A96000_2_008A9600
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_0085B6300_2_0085B630
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_0084E6400_2_0084E640
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008516400_2_00851640
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_0088C6500_2_0088C650
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008656600_2_00865660
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008766600_2_00876660
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008876700_2_00887670
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008987900_2_00898790
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008437D00_2_008437D0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008867D00_2_008867D0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_0089F7E00_2_0089F7E0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008427100_2_00842710
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008587100_2_00858710
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008A17100_2_008A1710
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008C77100_2_008C7710
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008937300_2_00893730
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008B37400_2_008B3740
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008967500_2_00896750
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008607700_2_00860770
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008A87700_2_008A8770
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008878800_2_00887880
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008A28800_2_008A2880
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_0087D8A00_2_0087D8A0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_0089B8A00_2_0089B8A0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_0086D8B00_2_0086D8B0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008818B00_2_008818B0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008978B00_2_008978B0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_0087E8C00_2_0087E8C0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008B38E00_2_008B38E0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008448000_2_00844800
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008808100_2_00880810
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008568300_2_00856830
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008A78400_2_008A7840
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008548600_2_00854860
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008A59800_2_008A5980
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008A09900_2_008A0990
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_0088F9A00_2_0088F9A0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008B69A00_2_008B69A0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008449C00_2_008449C0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_0089F9D00_2_0089F9D0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_0085E9E00_2_0085E9E0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_0086B9000_2_0086B900
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008629100_2_00862910
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008919100_2_00891910
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008609200_2_00860920
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_0087B9200_2_0087B920
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008559500_2_00855950
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008A69500_2_008A6950
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008AA9500_2_008AA950
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_0083C9600_2_0083C960
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008B29700_2_008B2970
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_00890A800_2_00890A80
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_0083EA900_2_0083EA90
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_0083FAA00_2_0083FAA0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_00840AA00_2_00840AA0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_00849AA00_2_00849AA0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008B4AA00_2_008B4AA0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_0086CAB00_2_0086CAB0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_00894AB00_2_00894AB0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_0087BAD00_2_0087BAD0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_00841AF00_2_00841AF0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_00861AF00_2_00861AF0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_00886AF00_2_00886AF0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008A4AF00_2_008A4AF0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_0084EA000_2_0084EA00
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_00853A000_2_00853A00
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_0089DA000_2_0089DA00
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_00854A100_2_00854A10
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_00842A200_2_00842A20
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_00846A200_2_00846A20
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_00863A300_2_00863A30
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_0084CA400_2_0084CA40
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_0088DA400_2_0088DA40
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_0085CA500_2_0085CA50
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_00870A600_2_00870A60
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_00896A600_2_00896A60
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_00895A600_2_00895A60
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_0087FB900_2_0087FB90
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_00898B900_2_00898B90
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_00847BA00_2_00847BA0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_00878BA00_2_00878BA0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_0084EBB00_2_0084EBB0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_0085DBB00_2_0085DBB0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_0084ABC00_2_0084ABC0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_0089CBD00_2_0089CBD0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_00897BE00_2_00897BE0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_00864B000_2_00864B00
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_00893B200_2_00893B20
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_00867B300_2_00867B30
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_0089EB300_2_0089EB30
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_00888B400_2_00888B40
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008BBC920_2_008BBC92
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_0087CCA00_2_0087CCA0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008A4CA00_2_008A4CA0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_00866CC00_2_00866CC0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_0087ECC00_2_0087ECC0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008A7CC00_2_008A7CC0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_00899CD00_2_00899CD0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_00893CD00_2_00893CD0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_00876C000_2_00876C00
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_00883C100_2_00883C10
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008B5C100_2_008B5C10
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_0088AC200_2_0088AC20
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_0083EC400_2_0083EC40
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_00854C400_2_00854C40
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008B1C400_2_008B1C40
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_0084DC600_2_0084DC60
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_00879C700_2_00879C70
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008AFC700_2_008AFC70
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_00882DB00_2_00882DB0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_0089FDD00_2_0089FDD0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_0083EDE00_2_0083EDE0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_00881DE00_2_00881DE0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_00870DF00_2_00870DF0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_0087DDF00_2_0087DDF0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_00894DF00_2_00894DF0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_0084FD000_2_0084FD00
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008B6D100_2_008B6D10
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_00891D300_2_00891D30
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008ABD300_2_008ABD30
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_00865D400_2_00865D40
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_00847D500_2_00847D50
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_0086BD600_2_0086BD60
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008A1D600_2_008A1D60
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_0085CD700_2_0085CD70
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_00887E800_2_00887E80
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_00899E800_2_00899E80
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_00866EC00_2_00866EC0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008ADEC00_2_008ADEC0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_00886ED00_2_00886ED0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_00885ED00_2_00885ED0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_0083DEE00_2_0083DEE0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_00853EF00_2_00853EF0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_00857EF00_2_00857EF0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_00848E100_2_00848E10
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_00859E200_2_00859E20
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_0084DE300_2_0084DE30
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_0087AE300_2_0087AE30
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008AFE300_2_008AFE30
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_00879E600_2_00879E60
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_0086FE700_2_0086FE70
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_00862E700_2_00862E70
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_00845F900_2_00845F90
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_00842FC00_2_00842FC0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_0086CFE00_2_0086CFE0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008B3FE00_2_008B3FE0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_0088DFF00_2_0088DFF0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_00896FF00_2_00896FF0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008A1F100_2_008A1F10
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_00863F200_2_00863F20
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008A2F400_2_008A2F40
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_00875F500_2_00875F50
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_0083BF600_2_0083BF60
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008AAF700_2_008AAF70
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0043C8E62_2_0043C8E6
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0040C0712_2_0040C071
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0040D0012_2_0040D001
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004070012_2_00407001
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004090012_2_00409001
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0043C0012_2_0043C001
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0040A0112_2_0040A011
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0043D0112_2_0043D011
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004040312_2_00404031
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004260312_2_00426031
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004060F12_2_004060F1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004070F12_2_004070F1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0040A0F12_2_0040A0F1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0043C0F12_2_0043C0F1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0043D0F12_2_0043D0F1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0042A0F12_2_0042A0F1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004050812_2_00405081
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004080912_2_00408091
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0041E0A12_2_0041E0A1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004081512_2_00408151
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004091712_2_00409171
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0040F1112_2_0040F111
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0040C1112_2_0040C111
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004041112_2_00404111
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004281C12_2_004281C1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004061D12_2_004061D1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0041D1E12_2_0041D1E1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004081F12_2_004081F1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0041E1812_2_0041E181
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0040A1912_2_0040A191
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0043C1912_2_0043C191
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004041B12_2_004041B1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004092412_2_00409241
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0040C2412_2_0040C241
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0044025F2_2_0044025F
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004042612_2_00404261
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004062712_2_00406271
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004072112_2_00407211
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0043B21F2_2_0043B21F
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0043C2212_2_0043C221
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0043C2C12_2_0043C2C1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0043B2F12_2_0043B2F1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004052812_2_00405281
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0040A2812_2_0040A281
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0041E2912_2_0041E291
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004072A12_2_004072A1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004202B12_2_004202B1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004073412_2_00407341
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0040A3512_2_0040A351
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0041E3712_2_0041E371
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0043A3712_2_0043A371
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004093012_2_00409301
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0040C3112_2_0040C311
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004253202_2_00425320
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004283C12_2_004283C1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004093D12_2_004093D1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004073E12_2_004073E1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0043B3E12_2_0043B3E1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004043812_2_00404381
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004083812_2_00408381
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0040D3B12_2_0040D3B1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004054612_2_00405461
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004064612_2_00406461
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0040A4612_2_0040A461
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0040D4712_2_0040D471
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0043A4712_2_0043A471
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0040C4012_2_0040C401
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0040F4012_2_0040F401
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004084312_2_00408431
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004044D12_2_004044D1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004064F12_2_004064F1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0040C4A12_2_0040C4A1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004094A12_2_004094A1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0043B4B12_2_0043B4B1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0043C4B12_2_0043C4B1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0040A5512_2_0040A551
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0043C5512_2_0043C551
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0043A5612_2_0043A561
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004085012_2_00408501
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004075012_2_00407501
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004285012_2_00428501
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0040D5212_2_0040D521
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0040D5C12_2_0040D5C1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004055C12_2_004055C1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0040E5C12_2_0040E5C1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004085D12_2_004085D1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0043C5F12_2_0043C5F1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0040B5912_2_0040B591
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004095912_2_00409591
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004045912_2_00404591
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004096412_2_00409641
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004076112_2_00407611
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004066212_2_00406621
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004056D12_2_004056D1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0040C6E12_2_0040C6E1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004046E12_2_004046E1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0040D6812_2_0040D681
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0043C6812_2_0043C681
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0040B6A12_2_0040B6A1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0040A7412_2_0040A741
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0040B7412_2_0040B741
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004067612_2_00406761
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004057712_2_00405771
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004097112_2_00409711
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004077112_2_00407711
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004087312_2_00408731
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004397D12_2_004397D1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004087E12_2_004087E1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004097E12_2_004097E1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0040A7E12_2_0040A7E1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0040B7F12_2_0040B7F1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004047812_2_00404781
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0040E7A12_2_0040E7A1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004077B12_2_004077B1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0040E8412_2_0040E841
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004058612_2_00405861
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004048712_2_00404871
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0040C8012_2_0040C801
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004068012_2_00406801
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0040A8F12_2_0040A8F1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004078912_2_00407891
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0040B8A12_2_0040B8A1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004098B12_2_004098B1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004069412_2_00406941
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0040E9512_2_0040E951
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0040D9712_2_0040D971
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0040B9712_2_0040B971
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004089112_2_00408911
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0040C9212_2_0040C921
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004049212_2_00404921
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004059212_2_00405921
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0041F9312_2_0041F931
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0043B9312_2_0043B931
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004059D12_2_004059D1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0041C9812_2_0041C981
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0040A9A12_2_0040A9A1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0040CA512_2_0040CA51
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_00406A612_2_00406A61
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_00405A712_2_00405A71
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0040AA712_2_0040AA71
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0041FA012_2_0041FA01
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0040FA012_2_0040FA01
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0043CA012_2_0043CA01
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_00404A112_2_00404A11
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_00401A212_2_00401A21
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_00408A312_2_00408A31
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0043CAD12_2_0043CAD1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_00409AF12_2_00409AF1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0040DA812_2_0040DA81
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_00407A912_2_00407A91
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0042DB612_2_0042DB61
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0041EB712_2_0041EB71
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_00403B012_2_00403B01
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_00405B112_2_00405B11
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_00401B212_2_00401B21
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_00408B212_2_00408B21
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0040AB312_2_0040AB31
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_00404B312_2_00404B31
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0043BB312_2_0043BB31
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_00403BC12_2_00403BC1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_00404BC12_2_00404BC1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_00426BD12_2_00426BD1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0040DBE12_2_0040DBE1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_00407BF12_2_00407BF1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_00406B812_2_00406B81
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0040CBA12_2_0040CBA1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0040EBA12_2_0040EBA1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0043CBA12_2_0043CBA1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0042EBA12_2_0042EBA1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0040BBB12_2_0040BBB1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_00409BB12_2_00409BB1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0040CC412_2_0040CC41
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_00439C512_2_00439C51
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0043CC612_2_0043CC61
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_00406C712_2_00406C71
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0040BC712_2_0040BC71
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_00426C712_2_00426C71
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_00408C212_2_00408C21
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_00405C212_2_00405C21
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0040EC312_2_0040EC31
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0043ECC12_2_0043ECC1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_00404CE12_2_00404CE1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_00403C812_2_00403C81
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_00409CA12_2_00409CA1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0043BCA12_2_0043BCA1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_00407CB12_2_00407CB1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_00420CB12_2_00420CB1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0040BD512_2_0040BD51
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0042DD512_2_0042DD51
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_00409D612_2_00409D61
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0041ED012_2_0041ED01
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_00406D012_2_00406D01
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0040CD012_2_0040CD01
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0040DD012_2_0040DD01
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0040ED012_2_0040ED01
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0043CD012_2_0043CD01
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_00405D112_2_00405D11
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_00408D312_2_00408D31
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_00426D312_2_00426D31
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_00407DD12_2_00407DD1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0040DDD12_2_0040DDD1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_00426DD12_2_00426DD1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0043CDE12_2_0043CDE1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_00406DF12_2_00406DF1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_00403DA12_2_00403DA1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0040CDA12_2_0040CDA1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0043BDB12_2_0043BDB1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0040CE412_2_0040CE41
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0043BE712_2_0043BE71
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0040AE012_2_0040AE01
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_00404E012_2_00404E01
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_00408E012_2_00408E01
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_00405E112_2_00405E11
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_00403E312_2_00403E31
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_00409ED12_2_00409ED1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_00403ED12_2_00403ED1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0040BEE12_2_0040BEE1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_00406E912_2_00406E91
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_00429E912_2_00429E91
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0041AEA12_2_0041AEA1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0040DEA12_2_0040DEA1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_00408EB12_2_00408EB1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0043CEB12_2_0043CEB1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: String function: 008BE178 appears 36 times
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: String function: 008B9440 appears 68 times
    Source: 4hQFnbWlj8.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
    Source: 4hQFnbWlj8.exeStatic PE information: Section: .bss ZLIB complexity 1.0003243284493284
    Source: classification engineClassification label: mal96.troj.evad.winEXE@4/3@2/3
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\76561199803837316[1].htmJump to behavior
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7456:120:WilError_03
    Source: 4hQFnbWlj8.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
    Source: 4hQFnbWlj8.exeVirustotal: Detection: 76%
    Source: 4hQFnbWlj8.exeReversingLabs: Detection: 71%
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeFile read: C:\Users\user\Desktop\4hQFnbWlj8.exeJump to behavior
    Source: unknownProcess created: C:\Users\user\Desktop\4hQFnbWlj8.exe "C:\Users\user\Desktop\4hQFnbWlj8.exe"
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeProcess created: C:\Users\user\Desktop\4hQFnbWlj8.exe "C:\Users\user\Desktop\4hQFnbWlj8.exe"
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeProcess created: C:\Users\user\Desktop\4hQFnbWlj8.exe "C:\Users\user\Desktop\4hQFnbWlj8.exe"Jump to behavior
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeSection loaded: apphelp.dllJump to behavior
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeSection loaded: uxtheme.dllJump to behavior
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeSection loaded: textinputframework.dllJump to behavior
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeSection loaded: coreuicomponents.dllJump to behavior
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeSection loaded: coremessaging.dllJump to behavior
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeSection loaded: ntmarta.dllJump to behavior
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeSection loaded: wintypes.dllJump to behavior
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeSection loaded: wintypes.dllJump to behavior
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeSection loaded: wintypes.dllJump to behavior
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeSection loaded: textshaping.dllJump to behavior
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeSection loaded: wininet.dllJump to behavior
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeSection loaded: rstrtmgr.dllJump to behavior
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeSection loaded: ncrypt.dllJump to behavior
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeSection loaded: ntasn1.dllJump to behavior
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeSection loaded: dbghelp.dllJump to behavior
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeSection loaded: iertutil.dllJump to behavior
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeSection loaded: windows.storage.dllJump to behavior
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeSection loaded: wldp.dllJump to behavior
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeSection loaded: profapi.dllJump to behavior
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeSection loaded: winhttp.dllJump to behavior
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeSection loaded: mswsock.dllJump to behavior
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeSection loaded: iphlpapi.dllJump to behavior
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeSection loaded: winnsi.dllJump to behavior
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeSection loaded: urlmon.dllJump to behavior
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeSection loaded: srvcli.dllJump to behavior
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeSection loaded: netutils.dllJump to behavior
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeSection loaded: dnsapi.dllJump to behavior
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeSection loaded: rasadhlp.dllJump to behavior
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeSection loaded: fwpuclnt.dllJump to behavior
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeSection loaded: schannel.dllJump to behavior
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeSection loaded: mskeyprotect.dllJump to behavior
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeSection loaded: msasn1.dllJump to behavior
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeSection loaded: dpapi.dllJump to behavior
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeSection loaded: cryptsp.dllJump to behavior
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeSection loaded: rsaenh.dllJump to behavior
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeSection loaded: cryptbase.dllJump to behavior
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeSection loaded: gpapi.dllJump to behavior
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeSection loaded: ncryptsslp.dllJump to behavior
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32Jump to behavior
    Source: 4hQFnbWlj8.exeStatic file information: File size 1122304 > 1048576
    Source: 4hQFnbWlj8.exeStatic PE information: section name: .00cfg
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008B9524 push ecx; ret 0_2_008B9537
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_008B9524 push ecx; ret 2_2_008B9537
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008B974D GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_008B974D

    Malware Analysis System Evasion

    barindex
    Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
    Source: 4hQFnbWlj8.exeBinary or memory string: DIR_WATCH.DLL
    Source: 4hQFnbWlj8.exeBinary or memory string: SBIEDLL.DLL
    Source: 4hQFnbWlj8.exeBinary or memory string: API_LOG.DLL
    Source: 4hQFnbWlj8.exe, 00000002.00000002.2986208946.0000000000400000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: <EABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/%HSWPESPY.DLLAVGHOOKX.DLLSBIEDLL.DLLSNXHK.DLLVMCHECK.DLLDIR_WATCH.DLLAPI_LOG.DLLPSTOREC.DLLAVGHOOKA.DLLCMDVRT64.DLLCMDVRT32.DLLIMAGE/JPEGCHAININGMODEAESCHAININGMODEGCMABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/=UNKNOWN EXCEPTIONBAD ALLOCATION4@
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeAPI coverage: 7.2 %
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeAPI coverage: 7.5 %
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exe TID: 7524Thread sleep time: -60000s >= -30000sJump to behavior
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008C361F FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_008C361F
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeThread delayed: delay time: 60000Jump to behavior
    Source: 4hQFnbWlj8.exe, 00000002.00000002.2986976548.0000000001272000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986976548.0000000001245000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
    Source: 4hQFnbWlj8.exe, 00000002.00000002.2986208946.000000000065F000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: VMwareVMware
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008B90E0 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_008B90E0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008D61A9 mov edi, dword ptr fs:[00000030h]0_2_008D61A9
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004015DF mov eax, dword ptr fs:[00000030h]2_2_004015DF
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_00401661 mov eax, dword ptr fs:[00000030h]2_2_00401661
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0040190C test dword ptr fs:[00000030h], 00000068h2_2_0040190C
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008BFB4D GetProcessHeap,0_2_008BFB4D
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008B90D4 SetUnhandledExceptionFilter,0_2_008B90D4
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008B90E0 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_008B90E0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008B905A SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_008B905A
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008BDECA IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_008BDECA
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_008B90D4 SetUnhandledExceptionFilter,2_2_008B90D4
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_008B90E0 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_008B90E0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_008B905A SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_008B905A
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_008BDECA IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_008BDECA

    HIPS / PFW / Operating System Protection Evasion

    barindex
    Contains functionality to inject code into remote processes
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008D61A9 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,CreateProcessW,CreateProcessW,VirtualAlloc,VirtualAlloc,GetThreadContext,Wow64GetThreadContext,ReadProcessMemory,ReadProcessMemory,VirtualAllocEx,VirtualAllocEx,GetProcAddress,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,SetThreadContext,Wow64SetThreadContext,ResumeThread,ResumeThread,0_2_008D61A9
    Injects a PE file into a foreign processes
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeMemory written: C:\Users\user\Desktop\4hQFnbWlj8.exe base: 400000 value starts with: 4D5AJump to behavior
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeProcess created: C:\Users\user\Desktop\4hQFnbWlj8.exe "C:\Users\user\Desktop\4hQFnbWlj8.exe"Jump to behavior
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008B9251 cpuid 0_2_008B9251
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_008B9A21 GetSystemTimePreciseAsFileTime,GetSystemTimePreciseAsFileTime,GetSystemTimeAsFileTime,0_2_008B9A21
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0042ED59 GetUserNameA,2_2_0042ED59

    Stealing of Sensitive Information

    barindex
    Yara detected Vidar stealer
    Source: Yara matchFile source: Process Memory Space: 4hQFnbWlj8.exe PID: 7520, type: MEMORYSTR

    Remote Access Functionality

    barindex
    Yara detected Vidar stealer
    Source: Yara matchFile source: Process Memory Space: 4hQFnbWlj8.exe PID: 7520, type: MEMORYSTR

    Mitre Att&ck Matrix

    ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
    Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
    DLL Side-Loading    		211
    Process Injection    		1
    Masquerading    		OS Credential Dumping1
    System Time Discovery    		Remote Services1
    Archive Collected Data    		11
    Encrypted Channel    		Exfiltration Over Other Network MediumAbuse Accessibility Features
    CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
    DLL Side-Loading    		11
    Virtualization/Sandbox Evasion    		LSASS Memory121
    Security Software Discovery    		Remote Desktop ProtocolData from Removable Media2
    Ingress Tool Transfer    		Exfiltration Over BluetoothNetwork Denial of Service
    Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)211
    Process Injection    		Security Account Manager11
    Virtualization/Sandbox Evasion    		SMB/Windows Admin SharesData from Network Shared Drive2
    Non-Application Layer Protocol    		Automated ExfiltrationData Encrypted for Impact
    Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
    Deobfuscate/Decode Files or Information    		NTDS1
    Account Discovery    		Distributed Component Object ModelInput Capture13
    Application Layer Protocol    		Traffic DuplicationData Destruction
    Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script2
    Obfuscated Files or Information    		LSA Secrets1
    System Owner/User Discovery    		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
    Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
    Software Packing    		Cached Domain Credentials1
    File and Directory Discovery    		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
    DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
    DLL Side-Loading    		DCSync12
    System Information Discovery    		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery

    Behavior Graph

    Hide Legend

    Legend:

    • Process
    • Signature
    • Created File
    • DNS/IP Info
    • Is Dropped
    • Is Windows Process
    • Number of created Registry Values
    • Number of created Files
    • Visual Basic
    • Delphi
    • Java
    • .Net C# or VB.NET
    • C, C++ or other language
    • Is malicious
    • Internet

    Screenshots

    Thumbnails

    This section contains all screenshots as thumbnails, including those not shown in the slideshow.


    windows-stand

    Antivirus, Machine Learning and Genetic Malware Detection

    Initial Sample

    SourceDetectionScannerLabelLink
    4hQFnbWlj8.exe76%VirustotalBrowse
    4hQFnbWlj8.exe71%ReversingLabsWin32.Trojan.LummaC
    4hQFnbWlj8.exe100%Joe Sandbox ML

    Dropped Files

    No Antivirus matches

    Unpacked PE Files

    No Antivirus matches

    Domains

    No Antivirus matches

    URLs

    SourceDetectionScannerLabelLink
    https://95.217.25.228/100%Avira URL Cloudmalware
    https://help.steampower0%Avira URL Cloudsafe
    https://community.cloudflar4dlp0%Avira URL Cloudsafe
    https://store.steamp0%Avira URL Cloudsafe
    https://www.gstatic.co0%Avira URL Cloudsafe
    https://95.217.25.228/rosoft100%Avira URL Cloudmalware
    https://95.217.25.228100%Avira URL Cloudmalware
    https://broadcast.st.dl.ecc0%Avira URL Cloudsafe
    https://95.217.25.228/rpriseCertificates100%Avira URL Cloudmalware
    https://95.217.25.228/ws100%Avira URL Cloudmalware
    https://community.cloudflar/economy.js?v=nWrdv801aW2D&l=english&_cdn=cloudflare0%Avira URL Cloudsafe
    https://community.cloudflare.stea0%Avira URL Cloudsafe
    https://web.telegram.orgU0%Avira URL Cloudsafe
    https://95.217.25.228/pm100%Avira URL Cloudmalware
    https://store.steampowere0%Avira URL Cloudsafe
    https://95.217.25.228/W100%Avira URL Cloudmalware
    https://steamcommunity.c0%Avira URL Cloudsafe
    https://95.217.25.228/(c100%Avira URL Cloudmalware
    https://community.cloudflar0%Avira URL Cloudsafe
    https://95.217.25.228/p100%Avira URL Cloudmalware

    Domains and IPs

    Contacted Domains

    NameIPActiveMaliciousAntivirus DetectionReputation
    steamcommunity.com
    		104.102.49.254
    		truefalse
      		high
      t.me
      		149.154.167.99
      		truefalse
        		high

        Contacted URLs

        NameMaliciousAntivirus DetectionReputation
        https://steamcommunity.com/profiles/76561199803837316false
          		high

          URLs from Memory and Binaries

          NameSourceMaliciousAntivirus DetectionReputation
          https://community.cloudflare.steamstatic.com/public/css/globalv2.css?v=i_iuPUaT8LXN&amp;l=english&am4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986208946.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2987286906.0000000001310000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2770305100.00000000012E9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2418497427.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2780593213.00000000012EB000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drfalse
            		high
            https://player.vimeo.com4hQFnbWlj8.exe, 00000002.00000003.2418522272.00000000012CF000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.1752486749.00000000012C9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986976548.0000000001245000.00000004.00000020.00020000.00000000.sdmpfalse
              		high
              https://community.cloudflare.steamstatic.com/public/css/applications/community4hQFnbWlj8.exe, 00000002.00000002.2986208946.000000000047B000.00000040.00000400.00020000.00000000.sdmpfalse
                		high
                https://community.cloudflare.steamstatic.com/public/javascript/profile.js?v=47omfdMZRDiz&amp;l=engli4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986208946.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2987286906.0000000001310000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2770305100.00000000012E9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2418497427.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2780593213.00000000012EB000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drfalse
                  		high
                  https://steamcommunity.com/?subsection=broadcasts4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986208946.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2987286906.0000000001310000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2440031641.00000000012E4000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2793673032.00000000012FE000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2770305100.00000000012E9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2418497427.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2097089381.00000000012DB000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.1752486749.00000000012C2000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2780593213.00000000012EB000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drfalse
                    		high
                    https://www.gstatic.co4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    https://store.steampowered.com/subscriber_agreement/4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986208946.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2987286906.0000000001310000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2440031641.00000000012E4000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2793673032.00000000012FE000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2770305100.00000000012E9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2418497427.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2097089381.00000000012DB000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.1752486749.00000000012C2000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2780593213.00000000012EB000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drfalse
                      		high
                      https://www.gstatic.cn/recaptcha/4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2418522272.00000000012CF000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.1752486749.00000000012C9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986976548.0000000001245000.00000004.00000020.00020000.00000000.sdmpfalse
                        		high
                        https://community.cloudflare.steamstatic.com/public/shared/javasc4hQFnbWlj8.exe, 00000002.00000002.2986208946.000000000047B000.00000040.00000400.00020000.00000000.sdmpfalse
                          		high
                          https://telegram.org/img/t_logo_2x.png4hQFnbWlj8.exe, 00000002.00000003.2780593213.00000000012EB000.00000004.00000020.00020000.00000000.sdmpfalse
                            		high
                            https://steamcommunity.com/profiles/76561199803837316g88paMozilla/5.04hQFnbWlj8.exe, 00000002.00000002.2986208946.0000000000400000.00000040.00000400.00020000.00000000.sdmpfalse
                              		high
                              http://www.valvesoftware.com/legal.htm4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986208946.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2987286906.0000000001310000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2440031641.00000000012E4000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2793673032.00000000012FE000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2770305100.00000000012E9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2418497427.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2097089381.00000000012DB000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.1752486749.00000000012C2000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2780593213.00000000012EB000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drfalse
                                		high
                                https://community.cloudflare.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=gQHVlrK4-jX-&a4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986208946.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2987286906.0000000001310000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2770305100.00000000012E9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2418497427.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2780593213.00000000012EB000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drfalse
                                  		high
                                  https://www.youtube.com4hQFnbWlj8.exe, 00000002.00000003.2418522272.00000000012CF000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.1752486749.00000000012C9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986976548.0000000001245000.00000004.00000020.00020000.00000000.sdmpfalse
                                    		high
                                    https://www.google.com4hQFnbWlj8.exe, 00000002.00000003.2418522272.00000000012CF000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.1752486749.00000000012C9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986976548.0000000001245000.00000004.00000020.00020000.00000000.sdmpfalse
                                      		high
                                      https://community.cloudflare.steamstatic.com/public/shared/javascript/auth_refresh.js?v=w6QbwI-5-j2S4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986208946.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2987286906.0000000001310000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2770305100.00000000012E9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2418497427.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2780593213.00000000012EB000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drfalse
                                        		high
                                        https://community.cloudflare.steamstatic.com/public/shared/css/buttons.css?v=G3UTKgHH4xLD&amp;l=engl4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986208946.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2987286906.0000000001310000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2770305100.00000000012E9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2418497427.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2780593213.00000000012EB000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drfalse
                                          		high
                                          https://steamcommunity.com/profiles/76561199803837316/inventory/4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986208946.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2987286906.0000000001310000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2440031641.00000000012E4000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2770305100.00000000012E9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2418497427.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2097089381.00000000012DB000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2780593213.00000000012EB000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drfalse
                                            		high
                                            https://95.217.25.22876561199803837316[1].htm.2.drtrue
                                            • Avira URL Cloud: malware
                                            		unknown
                                            https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986208946.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2987286906.0000000001310000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2770305100.00000000012E9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2418497427.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2780593213.00000000012EB000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drfalse
                                              		high
                                              https://95.217.25.228/rosoft4hQFnbWlj8.exe, 00000002.00000002.2986976548.0000000001259000.00000004.00000020.00020000.00000000.sdmptrue
                                              • Avira URL Cloud: malware
                                              		unknown
                                              https://s.ytimg.com;4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2418522272.00000000012CF000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.1752486749.00000000012C9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986976548.0000000001245000.00000004.00000020.00020000.00000000.sdmpfalse
                                                		high
                                                https://broadcast.st.dl.ecc4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                • Avira URL Cloud: safe
                                                		unknown
                                                https://community.cloudflare.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcD4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986208946.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2987286906.0000000001310000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2770305100.00000000012E9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2418497427.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2780593213.00000000012EB000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drfalse
                                                  		high
                                                  https://t.me/7nE44hQFnbWlj8.exe, 00000002.00000002.2986976548.0000000001259000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    		high
                                                    https://store.steamp4hQFnbWlj8.exe, 00000002.00000002.2986805113.0000000000F33000.00000004.00000010.00020000.00000000.sdmpfalse
                                                    • Avira URL Cloud: safe
                                                    		unknown
                                                    https://steam.tv/4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2418522272.00000000012CF000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.1752486749.00000000012C9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986976548.0000000001245000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      		high
                                                      https://help.steampower4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      https://community.cloudflar4dlp4hQFnbWlj8.exe, 00000002.00000002.2986208946.000000000047B000.00000040.00000400.00020000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      https://community.cloudflare.steamstatic.com/public/shared/css/shared_global.css?v=sd6kCnGQW5Ji&amp;4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986208946.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2987286906.0000000001310000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2770305100.00000000012E9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2418497427.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2780593213.00000000012EB000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drfalse
                                                        		high
                                                        http://store.steampowered.com/privacy_agreement/4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986208946.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2987286906.0000000001310000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986805113.0000000000F33000.00000004.00000010.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2770305100.00000000012E9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2418497427.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2097089381.00000000012DB000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2780593213.00000000012EB000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drfalse
                                                          		high
                                                          https://store.steampowered.com/points/shop/4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986208946.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2987286906.0000000001310000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2440031641.00000000012E4000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2793673032.00000000012FE000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2770305100.00000000012E9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2418497427.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2097089381.00000000012DB000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.1752486749.00000000012C2000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2780593213.00000000012EB000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drfalse
                                                            		high
                                                            https://95.217.25.228/4hQFnbWlj8.exe, 00000002.00000002.2986976548.0000000001288000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2418497427.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986976548.0000000001259000.00000004.00000020.00020000.00000000.sdmptrue
                                                            • Avira URL Cloud: malware
                                                            		unknown
                                                            https://sketchfab.com4hQFnbWlj8.exe, 00000002.00000003.2418522272.00000000012CF000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.1752486749.00000000012C9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986976548.0000000001245000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              		high
                                                              https://lv.queniujq.cn4hQFnbWlj8.exe, 00000002.00000003.2418522272.00000000012CF000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.1752486749.00000000012C9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986976548.0000000001245000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                		high
                                                                https://www.youtube.com/4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2418522272.00000000012CF000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.1752486749.00000000012C9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986976548.0000000001245000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  		high
                                                                  https://store.steampowered.com/privacy_agreement/4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986208946.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2987286906.0000000001310000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2440031641.00000000012E4000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2793673032.00000000012FE000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2770305100.00000000012E9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2418497427.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2097089381.00000000012DB000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.1752486749.00000000012C2000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2780593213.00000000012EB000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drfalse
                                                                    		high
                                                                    https://95.217.25.228/ws4hQFnbWlj8.exe, 00000002.00000002.2986976548.0000000001259000.00000004.00000020.00020000.00000000.sdmptrue
                                                                    • Avira URL Cloud: malware
                                                                    		unknown
                                                                    https://community.cloudflare.steamstatic.com/public/css/skin_1/header.css?v=EZbG2DEumYDH&amp;l=engli4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986208946.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2987286906.0000000001310000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2770305100.00000000012E9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2418497427.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2780593213.00000000012EB000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drfalse
                                                                      		high
                                                                      https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2418522272.00000000012CF000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.1752486749.00000000012C9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986976548.0000000001245000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        		high
                                                                        https://community.cloudflare.steamstatic.com/public/javascript/modalv2.js?v=zBXEuexVQ0FZ&amp;l=engli4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986208946.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2987286906.0000000001310000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2770305100.00000000012E9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2418497427.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2780593213.00000000012EB000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drfalse
                                                                          		high
                                                                          https://community.cloudflare.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986208946.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2987286906.0000000001310000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2440031641.00000000012E4000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2793673032.00000000012FE000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2770305100.00000000012E9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2418497427.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2097089381.00000000012DB000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.1752486749.00000000012C2000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2780593213.00000000012EB000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drfalse
                                                                            		high
                                                                            https://95.217.25.228/rpriseCertificates4hQFnbWlj8.exe, 00000002.00000002.2986976548.0000000001259000.00000004.00000020.00020000.00000000.sdmptrue
                                                                            • Avira URL Cloud: malware
                                                                            		unknown
                                                                            https://steamcommunity.com/profiles/7656119980383731614hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              		high
                                                                              https://community.cloudflare.stea4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              • Avira URL Cloud: safe
                                                                              		unknown
                                                                              https://community.cloudflar/economy.js?v=nWrdv801aW2D&l=english&_cdn=cloudflare4hQFnbWlj8.exe, 00000002.00000002.2986208946.000000000047B000.00000040.00000400.00020000.00000000.sdmpfalse
                                                                              • Avira URL Cloud: safe
                                                                              		unknown
                                                                              https://steamcommunity.com/profiles/76561199803837316&4hQFnbWlj8.exe, 00000002.00000002.2986976548.0000000001288000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                		high
                                                                                https://community.cloudflare.steamstatic.com/public/shared/images/header/logo_steam.svg?t=9620164hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986208946.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2987286906.0000000001310000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2440031641.00000000012E4000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2793673032.00000000012FE000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2770305100.00000000012E9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2418497427.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2097089381.00000000012DB000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.1752486749.00000000012C2000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2780593213.00000000012EB000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drfalse
                                                                                  		high
                                                                                  https://steamcommunity.com/profiles/76561199803837316)4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    		high
                                                                                    https://www.google.com/recaptcha/4hQFnbWlj8.exe, 00000002.00000002.2986976548.0000000001245000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      		high
                                                                                      https://checkout.steampowered.com/4hQFnbWlj8.exe, 00000002.00000002.2986976548.0000000001245000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        		high
                                                                                        https://steamcommunity.com/mark4hQFnbWlj8.exe, 00000002.00000003.2440031641.00000000012E4000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2097089381.00000000012DB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          		high
                                                                                          https://community.cloudflare.steamstatic.com/public/javascript/applications/community/libraries~b28b4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986208946.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2987286906.0000000001310000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2440031641.00000000012E4000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2793673032.00000000012FE000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2770305100.00000000012E9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2418497427.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2097089381.00000000012DB000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.1752486749.00000000012C2000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2780593213.00000000012EB000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drfalse
                                                                                            		high
                                                                                            https://community.cloudflare.steamstatic.com/public/javascript/reportedcontent.js?v=-lZqrarogJr8&amp4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986208946.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2987286906.0000000001310000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2770305100.00000000012E9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2418497427.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2780593213.00000000012EB000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drfalse
                                                                                              		high
                                                                                              https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_logo.png4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986208946.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2987286906.0000000001310000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2440031641.00000000012E4000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2793673032.00000000012FE000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2770305100.00000000012E9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2418497427.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2097089381.00000000012DB000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.1752486749.00000000012C2000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2780593213.00000000012EB000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drfalse
                                                                                                		high
                                                                                                https://web.telegram.orgU4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                • Avira URL Cloud: safe
                                                                                                		unknown
                                                                                                https://store.steampowered.com/;4hQFnbWlj8.exe, 00000002.00000003.2418522272.00000000012CF000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.1752486749.00000000012C9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986976548.0000000001245000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  		high
                                                                                                  https://95.217.25.228/pm4hQFnbWlj8.exe, 00000002.00000002.2986976548.0000000001259000.00000004.00000020.00020000.00000000.sdmptrue
                                                                                                  • Avira URL Cloud: malware
                                                                                                  		unknown
                                                                                                  https://store.steampowered.com/about/76561199803837316[1].htm.2.drfalse
                                                                                                    		high
                                                                                                    https://community.cloudflare.steamstatic.com/4hQFnbWlj8.exe, 00000002.00000002.2986976548.0000000001245000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      		high
                                                                                                      https://community.cloudflare.steamstatic.com/public/javascript/reporte4hQFnbWlj8.exe, 00000002.00000002.2986208946.000000000047B000.00000040.00000400.00020000.00000000.sdmpfalse
                                                                                                        		high
                                                                                                        https://steamcommunity.com/my/wishlist/4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986208946.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2987286906.0000000001310000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2440031641.00000000012E4000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2793673032.00000000012FE000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2770305100.00000000012E9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2418497427.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2097089381.00000000012DB000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.1752486749.00000000012C2000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2780593213.00000000012EB000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drfalse
                                                                                                          		high
                                                                                                          https://t.me/4hQFnbWlj8.exe, 00000002.00000002.2986976548.0000000001259000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            		high
                                                                                                            https://community.cloudflare.steamstatic.com/public/shared/css/motiva_sans.css?v=nc69vwog8R9p&amp;l=76561199803837316[1].htm.2.drfalse
                                                                                                              		high
                                                                                                              https://web.telegram.org4hQFnbWlj8.exe, 00000002.00000003.1739187508.000000000128B000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986976548.0000000001259000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2780593213.00000000012EB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                		high
                                                                                                                https://community.cloudflare.steamstatic.com/public/css/promo/summer2017/stickers.css?v=INiZALwvDIbb4hQFnbWlj8.exe, 00000002.00000002.2986208946.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2987286906.0000000001310000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2770305100.00000000012E9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2418497427.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2780593213.00000000012EB000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drfalse
                                                                                                                  		high
                                                                                                                  https://help.steampowered.com/en/4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986208946.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2987286906.0000000001310000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2440031641.00000000012E4000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2793673032.00000000012FE000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2770305100.00000000012E9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2418497427.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2097089381.00000000012DB000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.1752486749.00000000012C2000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2780593213.00000000012EB000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drfalse
                                                                                                                    		high
                                                                                                                    https://95.217.25.228/W4hQFnbWlj8.exe, 00000002.00000002.2986976548.0000000001218000.00000004.00000020.00020000.00000000.sdmptrue
                                                                                                                    • Avira URL Cloud: malware
                                                                                                                    		unknown
                                                                                                                    https://steamcommunity.com/market/4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986208946.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2987286906.0000000001310000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2440031641.00000000012E4000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2793673032.00000000012FE000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2770305100.00000000012E9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2418497427.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2097089381.00000000012DB000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.1752486749.00000000012C2000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2780593213.00000000012EB000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drfalse
                                                                                                                      		high
                                                                                                                      https://store.steampowered.com/news/4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986208946.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2987286906.0000000001310000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2440031641.00000000012E4000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2793673032.00000000012FE000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2770305100.00000000012E9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2418497427.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2097089381.00000000012DB000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.1752486749.00000000012C2000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2780593213.00000000012EB000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drfalse
                                                                                                                        		high
                                                                                                                        https://community.cloudflare.steamstatic.com/public/javascript/global.js?v=3W_ge11SZngF&amp;l=englis4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986208946.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2987286906.0000000001310000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2770305100.00000000012E9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2418497427.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2780593213.00000000012EB000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drfalse
                                                                                                                          		high
                                                                                                                          https://community.cloudflar4hQFnbWlj8.exe, 00000002.00000002.2986208946.000000000047B000.00000040.00000400.00020000.00000000.sdmpfalse
                                                                                                                          • Avira URL Cloud: safe
                                                                                                                          		unknown
                                                                                                                          http://store.steampowered.com/subscriber_agreement/4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986208946.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2987286906.0000000001310000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2770305100.00000000012E9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2418497427.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2097089381.00000000012DB000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2780593213.00000000012EB000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drfalse
                                                                                                                            		high
                                                                                                                            https://community.cloudflare.steamstatic.com/public/javascript/applications/community/manifest.js?v=4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986208946.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2987286906.0000000001310000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2440031641.00000000012E4000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2793673032.00000000012FE000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2770305100.00000000012E9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2418497427.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2097089381.00000000012DB000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.1752486749.00000000012C2000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2780593213.00000000012EB000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drfalse
                                                                                                                              		high
                                                                                                                              https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986208946.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2987286906.0000000001310000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986805113.0000000000F33000.00000004.00000010.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2770305100.00000000012E9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2418497427.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2097089381.00000000012DB000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2780593213.00000000012EB000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drfalse
                                                                                                                                		high
                                                                                                                                https://recaptcha.net/recaptcha/;4hQFnbWlj8.exe, 00000002.00000003.2418522272.00000000012CF000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.1752486749.00000000012C9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986976548.0000000001245000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  		high
                                                                                                                                  https://steamcommunity.com/discussions/4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986208946.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2987286906.0000000001310000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2440031641.00000000012E4000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2793673032.00000000012FE000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2770305100.00000000012E9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2418497427.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2097089381.00000000012DB000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.1752486749.00000000012C2000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2780593213.00000000012EB000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drfalse
                                                                                                                                    		high
                                                                                                                                    https://store.steampowered.com/stats/4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986208946.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2987286906.0000000001310000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2440031641.00000000012E4000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2793673032.00000000012FE000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2770305100.00000000012E9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2418497427.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2097089381.00000000012DB000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.1752486749.00000000012C2000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2780593213.00000000012EB000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drfalse
                                                                                                                                      		high
                                                                                                                                      https://95.217.25.228/p4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmptrue
                                                                                                                                      • Avira URL Cloud: malware
                                                                                                                                      		unknown
                                                                                                                                      https://medal.tv4hQFnbWlj8.exe, 00000002.00000003.2418522272.00000000012CF000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.1752486749.00000000012C9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986976548.0000000001245000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                        		high
                                                                                                                                        https://broadcast.st.dl.eccdnx.com4hQFnbWlj8.exe, 00000002.00000003.2418522272.00000000012CF000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.1752486749.00000000012C9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986976548.0000000001245000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                          		high
                                                                                                                                          https://store.steampowered.com/steam_refunds/4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986208946.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2987286906.0000000001310000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2440031641.00000000012E4000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2793673032.00000000012FE000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2770305100.00000000012E9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2418497427.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2097089381.00000000012DB000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.1752486749.00000000012C2000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2780593213.00000000012EB000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drfalse
                                                                                                                                            		high
                                                                                                                                            https://community.cloudflare.steamstatic.com/public/images/skin_1/arrowDn9x5.gif4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986208946.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2987286906.0000000001310000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2440031641.00000000012E4000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2793673032.00000000012FE000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2770305100.00000000012E9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2418497427.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2097089381.00000000012DB000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.1752486749.00000000012C2000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2780593213.00000000012EB000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drfalse
                                                                                                                                              		high
                                                                                                                                              https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986208946.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2987286906.0000000001310000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2770305100.00000000012E9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2418497427.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2780593213.00000000012EB000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drfalse
                                                                                                                                                		high
                                                                                                                                                https://community.cloudflare.steamstatic.com/public/css/skin_1/profilev2.css?v=l1VAyDrxeeyo&amp;l=en4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986208946.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2987286906.0000000001310000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2770305100.00000000012E9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2418497427.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2780593213.00000000012EB000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drfalse
                                                                                                                                                  		high
                                                                                                                                                  https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.p4hQFnbWlj8.exe, 00000002.00000002.2986208946.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2987286906.0000000001310000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2440031641.00000000012E4000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2793673032.00000000012FE000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2770305100.00000000012E9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2418497427.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2097089381.00000000012DB000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.1752486749.00000000012C2000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2780593213.00000000012EB000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drfalse
                                                                                                                                                    		high
                                                                                                                                                    https://steamcommunity.com/login/home/?goto=profiles%2F7656119980383731676561199803837316[1].htm.2.drfalse
                                                                                                                                                      		high
                                                                                                                                                      https://store.steampowere4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                      • Avira URL Cloud: safe
                                                                                                                                                      		unknown
                                                                                                                                                      https://steamcommunity.com/workshop/4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986208946.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2987286906.0000000001310000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2440031641.00000000012E4000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2793673032.00000000012FE000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2770305100.00000000012E9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2418497427.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2097089381.00000000012DB000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.1752486749.00000000012C2000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2780593213.00000000012EB000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drfalse
                                                                                                                                                        		high
                                                                                                                                                        https://t.me/g4hQFnbWlj8.exe, 00000002.00000002.2986208946.000000000047B000.00000040.00000400.00020000.00000000.sdmpfalse
                                                                                                                                                          		high
                                                                                                                                                          https://login.steampowered.com/4hQFnbWlj8.exe, 00000002.00000002.2986976548.0000000001245000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                            		high
                                                                                                                                                            https://store.steampowered.com/legal/4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986208946.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2987286906.0000000001310000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2770305100.00000000012E9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2418497427.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2097089381.00000000012DB000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2780593213.00000000012EB000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drfalse
                                                                                                                                                              		high
                                                                                                                                                              https://95.217.25.228/(c4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmptrue
                                                                                                                                                              • Avira URL Cloud: malware
                                                                                                                                                              		unknown
                                                                                                                                                              https://community.cloudflare.steamstatic.com/public/css/applications/communityEN_URL&quot;:&quot;htt4hQFnbWlj8.exe, 00000002.00000002.2986208946.000000000047B000.00000040.00000400.00020000.00000000.sdmpfalse
                                                                                                                                                                		high
                                                                                                                                                                https://steamcommunity.c4hQFnbWlj8.exe, 00000002.00000002.2986976548.0000000001305000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2793673032.0000000001305000.00000004.00000020.00020000.00000000.sdmptrue
                                                                                                                                                                • Avira URL Cloud: safe
                                                                                                                                                                		unknown
                                                                                                                                                                https://community.cloudflare.steamstatic.com/public/css/applications/community/main.css?v=3CSOZ0Rac34hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986208946.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2987286906.0000000001310000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2440031641.00000000012E4000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2793673032.00000000012FE000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2770305100.00000000012E9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2418497427.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2097089381.00000000012DB000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.1752486749.00000000012C2000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2780593213.00000000012EB000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drfalse
                                                                                                                                                                  		high
                                                                                                                                                                  https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_global.js?v=0y-Qdz9keFm4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986208946.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2987286906.0000000001310000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2770305100.00000000012E9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2418497427.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2780593213.00000000012EB000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drfalse
                                                                                                                                                                    		high
                                                                                                                                                                    https://community.cloudflare.steamstatic.com/public/javascript/applications/community/main.js?v=M_FU4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986208946.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2987286906.0000000001310000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2440031641.00000000012E4000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2793673032.00000000012FE000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2770305100.00000000012E9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2418497427.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2097089381.00000000012DB000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.1752486749.00000000012C2000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2780593213.00000000012EB000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drfalse
                                                                                                                                                                      		high
                                                                                                                                                                      https://recaptcha.net4hQFnbWlj8.exe, 00000002.00000002.2986976548.00000000012A8000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2418522272.00000000012CF000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.1752486749.00000000012C9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2427480340.00000000012A7000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.2986976548.0000000001245000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                        		high

                                                                                                                                                                        World Map of Contacted IPs

                                                                                                                                                                        • No. of IPs < 25%
                                                                                                                                                                        • 25% < No. of IPs < 50%
                                                                                                                                                                        • 50% < No. of IPs < 75%
                                                                                                                                                                        • 75% < No. of IPs

                                                                                                                                                                        Public IPs

                                                                                                                                                                        IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                                                        104.102.49.254
                                                                                                                                                                        		steamcommunity.comUnited States
                                                                                                                                                                        		16625AKAMAI-ASUSfalse
                                                                                                                                                                        95.217.25.228
                                                                                                                                                                        		unknownGermany
                                                                                                                                                                        		24940HETZNER-ASDEfalse
                                                                                                                                                                        149.154.167.99
                                                                                                                                                                        		t.meUnited Kingdom
                                                                                                                                                                        		62041TELEGRAMRUfalse

                                                                                                                                                                        General Information

                                                                                                                                                                        Joe Sandbox version:42.0.0 Malachite
                                                                                                                                                                        Analysis ID:1587653
                                                                                                                                                                        Start date and time:2025-01-10 16:23:46 +01:00
                                                                                                                                                                        Joe Sandbox product:CloudBasic
                                                                                                                                                                        Overall analysis duration:0h 5m 56s
                                                                                                                                                                        Hypervisor based Inspection enabled:false
                                                                                                                                                                        Report type:full
                                                                                                                                                                        Cookbook file name:default.jbs
                                                                                                                                                                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                        Number of analysed new started processes analysed:7
                                                                                                                                                                        Number of new started drivers analysed:0
                                                                                                                                                                        Number of existing processes analysed:0
                                                                                                                                                                        Number of existing drivers analysed:0
                                                                                                                                                                        Number of injected processes analysed:0
                                                                                                                                                                        Technologies:
                                                                                                                                                                        • HCA enabled
                                                                                                                                                                        • EGA enabled
                                                                                                                                                                        • AMSI enabled
                                                                                                                                                                        Analysis Mode:default
                                                                                                                                                                        Analysis stop reason:Timeout
                                                                                                                                                                        Sample name:4hQFnbWlj8.exe
                                                                                                                                                                        renamed because original name is a hash value
                                                                                                                                                                        Original Sample Name:d0379319a04dc9cfb050269fb99c68d574d11e3b10da6a10b8a984eb6b1324d4.exe
                                                                                                                                                                        Detection:MAL
                                                                                                                                                                        Classification:mal96.troj.evad.winEXE@4/3@2/3
                                                                                                                                                                        EGA Information:
                                                                                                                                                                        • Successful, ratio: 100%
                                                                                                                                                                        HCA Information:
                                                                                                                                                                        • Successful, ratio: 82%
                                                                                                                                                                        • Number of executed functions: 19
                                                                                                                                                                        • Number of non-executed functions: 205
                                                                                                                                                                        Cookbook Comments:
                                                                                                                                                                        • Found application associated with file extension: .exe

                                                                                                                                                                        Warnings

                                                                                                                                                                        • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                                                                                                                                                                        • Excluded IPs from analysis (whitelisted): 172.202.163.200, 13.107.246.45
                                                                                                                                                                        • Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                                                                                                                        • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                        • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                                        • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                        • Report size getting too big, too many NtQueryValueKey calls found.

                                                                                                                                                                        Simulations

                                                                                                                                                                        Behavior and APIs

                                                                                                                                                                        TimeTypeDescription
                                                                                                                                                                        10:26:28API Interceptor1x Sleep call for process: 4hQFnbWlj8.exe modified

                                                                                                                                                                        Joe Sandbox View / Context

                                                                                                                                                                        IPs

                                                                                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                        104.102.49.254r4xiHKy8aM.exeGet hashmaliciousSocks5SystemzBrowse
                                                                                                                                                                        • /ISteamUser/GetFriendList/v1/?key=AE2AE4DBF33A541E83BC08989DB1F397&steamid=76561198400860497
                                                                                                                                                                        http://gtm-cn-j4g3qqvf603.steamproxy1.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                                        • www.valvesoftware.com/legal.htm
                                                                                                                                                                        95.217.25.228file.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                          file.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                            149.154.167.99http://xn--r1a.website/s/ogorodruGet hashmaliciousUnknownBrowse
                                                                                                                                                                            • telegram.org/img/favicon.ico
                                                                                                                                                                            http://cryptorabotakzz.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                                            • telegram.org/
                                                                                                                                                                            http://cache.netflix.com.id1.wuush.us.kg/Get hashmaliciousUnknownBrowse
                                                                                                                                                                            • telegram.org/dl?tme=fe3233c08ff79d4814_5062105595184761217
                                                                                                                                                                            http://investors.spotify.com.sg2.wuush.us.kg/Get hashmaliciousUnknownBrowse
                                                                                                                                                                            • telegram.org/
                                                                                                                                                                            http://bekaaviator.kz/Get hashmaliciousUnknownBrowse
                                                                                                                                                                            • telegram.org/
                                                                                                                                                                            http://telegramtw1.org/Get hashmaliciousUnknownBrowse
                                                                                                                                                                            • telegram.org/?setln=pl
                                                                                                                                                                            http://makkko.kz/Get hashmaliciousUnknownBrowse
                                                                                                                                                                            • telegram.org/
                                                                                                                                                                            http://telegram.dogGet hashmaliciousUnknownBrowse
                                                                                                                                                                            • telegram.dog/
                                                                                                                                                                            LnSNtO8JIa.exeGet hashmaliciousCinoshi StealerBrowse
                                                                                                                                                                            • t.me/cinoshibot
                                                                                                                                                                            jtfCFDmLdX.exeGet hashmaliciousGurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, zgRATBrowse
                                                                                                                                                                            • t.me/cinoshibot

                                                                                                                                                                            Domains

                                                                                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                            t.meDyM4yXX.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                            • 149.154.167.99
                                                                                                                                                                            5dFLJyS86S.ps1Get hashmaliciousUnknownBrowse
                                                                                                                                                                            • 149.154.167.99
                                                                                                                                                                            Mes_Drivers_3.0.4.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                            • 46.105.202.207
                                                                                                                                                                            http://t.me/hhackplusGet hashmaliciousUnknownBrowse
                                                                                                                                                                            • 149.154.167.99
                                                                                                                                                                            https://sendbot.me/mousse-w0fysl7Get hashmaliciousUnknownBrowse
                                                                                                                                                                            • 104.26.12.222
                                                                                                                                                                            ZT0KQ1PC.exeGet hashmaliciousPureLog Stealer, VidarBrowse
                                                                                                                                                                            • 149.154.167.99
                                                                                                                                                                            RisingStrip.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                            • 149.154.167.99
                                                                                                                                                                            https://telegra.ph/Clarkson-122025-01-02Get hashmaliciousUnknownBrowse
                                                                                                                                                                            • 149.154.167.99
                                                                                                                                                                            steamcommunity.comHouseholdsClicking.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                            • 104.102.49.254
                                                                                                                                                                            davies.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                            • 104.102.49.254
                                                                                                                                                                            FeedStation.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                            • 104.102.49.254
                                                                                                                                                                            DodSussex.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                            • 104.102.49.254
                                                                                                                                                                            DangerousMidlands.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                            • 104.102.49.254
                                                                                                                                                                            PortugalForum_nopump.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                            • 104.102.49.254
                                                                                                                                                                            fghj.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                            • 104.102.49.254
                                                                                                                                                                            CondosGold_nopump.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                            • 104.102.49.254
                                                                                                                                                                            PortugalForum_nopump.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                            • 104.102.49.254

                                                                                                                                                                            ASNs

                                                                                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                            TELEGRAMRUB7N48hmO78.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                                            • 149.154.167.220
                                                                                                                                                                            VIAmJUhQ54.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                                                                                            • 149.154.167.220
                                                                                                                                                                            PO#17971.exeGet hashmaliciousPureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                                            • 149.154.167.220
                                                                                                                                                                            RFQ SHEETS PX2 MULE25 SHENZHEN LUCKY.exeGet hashmaliciousDarkTortilla, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                                            • 149.154.167.220
                                                                                                                                                                            https://marcuso-wq.github.io/home/Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                            • 149.154.167.220
                                                                                                                                                                            https://ranprojects0s0wemanin.nyc3.digitaloceanspaces.com/webmail.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                            • 149.154.167.220
                                                                                                                                                                            dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                                            • 149.154.167.220
                                                                                                                                                                            #U0130LC#U0130 HOLD#U0130NG a.s fiyati_teklif 017867Sipari#U015fi jpeg doc .exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                                            • 149.154.167.220
                                                                                                                                                                            fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                                            • 149.154.167.220
                                                                                                                                                                            fiyati_teklif 65TBI507_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                                            • 149.154.167.220
                                                                                                                                                                            HETZNER-ASDEQUOTATION-9044456778.pdf (83kb).com.exeGet hashmaliciousPureLog Stealer, QuasarBrowse
                                                                                                                                                                            • 195.201.57.90
                                                                                                                                                                            http://pdfdrive.com.coGet hashmaliciousUnknownBrowse
                                                                                                                                                                            • 178.63.248.53
                                                                                                                                                                            1162-201.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                            • 136.243.64.147
                                                                                                                                                                            3.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                            • 197.242.86.251
                                                                                                                                                                            https://199.188.109.181Get hashmaliciousUnknownBrowse
                                                                                                                                                                            • 188.40.164.54
                                                                                                                                                                            n41dQbiw1Y.exeGet hashmaliciousBabuk, DjvuBrowse
                                                                                                                                                                            • 188.40.141.211
                                                                                                                                                                            https://downloads.jam-software.de/ultrasearch/UltraSearch-Setup.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                            • 116.202.5.43
                                                                                                                                                                            https://customers.jam-software.de/downloadTrialProcess.php?article_no=671&Get hashmaliciousUnknownBrowse
                                                                                                                                                                            • 78.47.225.43
                                                                                                                                                                            Appraisal-nation-Review_and_Signature_Request46074.pdfGet hashmaliciousUnknownBrowse
                                                                                                                                                                            • 195.201.80.48
                                                                                                                                                                            AKAMAI-ASUSHouseholdsClicking.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                            • 104.102.49.254
                                                                                                                                                                            davies.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                            • 104.102.49.254
                                                                                                                                                                            FeedStation.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                            • 104.102.49.254
                                                                                                                                                                            DodSussex.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                            • 104.102.49.254
                                                                                                                                                                            DangerousMidlands.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                            • 104.102.49.254
                                                                                                                                                                            PortugalForum_nopump.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                            • 104.102.49.254
                                                                                                                                                                            fghj.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                            • 104.102.49.254
                                                                                                                                                                            CondosGold_nopump.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                            • 104.102.49.254
                                                                                                                                                                            PortugalForum_nopump.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                            • 104.102.49.254

                                                                                                                                                                            JA3 Fingerprints

                                                                                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                            37f463bf4616ecd445d4a1937da06e19Mmm7GmDcR4.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                            • 104.102.49.254
                                                                                                                                                                            • 149.154.167.99
                                                                                                                                                                            g7Mz6hLxqw.exeGet hashmaliciousGuLoaderBrowse
                                                                                                                                                                            • 104.102.49.254
                                                                                                                                                                            • 149.154.167.99
                                                                                                                                                                            ln5S7fIBkY.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                                                                                            • 104.102.49.254
                                                                                                                                                                            • 149.154.167.99
                                                                                                                                                                            Osb7hkGfAb.exeGet hashmaliciousGuLoaderBrowse
                                                                                                                                                                            • 104.102.49.254
                                                                                                                                                                            • 149.154.167.99
                                                                                                                                                                            SvmL9tW29w.exeGet hashmaliciousGuLoaderBrowse
                                                                                                                                                                            • 104.102.49.254
                                                                                                                                                                            • 149.154.167.99
                                                                                                                                                                            Osb7hkGfAb.exeGet hashmaliciousGuLoaderBrowse
                                                                                                                                                                            • 104.102.49.254
                                                                                                                                                                            • 149.154.167.99
                                                                                                                                                                            fTSt7dc60O.exeGet hashmaliciousGuLoaderBrowse
                                                                                                                                                                            • 104.102.49.254
                                                                                                                                                                            • 149.154.167.99
                                                                                                                                                                            vq6jxdGvD6.exeGet hashmaliciousGuLoaderBrowse
                                                                                                                                                                            • 104.102.49.254
                                                                                                                                                                            • 149.154.167.99
                                                                                                                                                                            Ub46mg9pn4.exeGet hashmaliciousGuLoaderBrowse
                                                                                                                                                                            • 104.102.49.254
                                                                                                                                                                            • 149.154.167.99
                                                                                                                                                                            fTSt7dc60O.exeGet hashmaliciousGuLoaderBrowse
                                                                                                                                                                            • 104.102.49.254
                                                                                                                                                                            • 149.154.167.99

                                                                                                                                                                            Dropped Files

                                                                                                                                                                            No context

                                                                                                                                                                            Created / dropped Files

                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\76561199803837316[1].htm

                                                                                                                                                                            Download File
                                                                                                                                                                            Process:C:\Users\user\Desktop\4hQFnbWlj8.exe
                                                                                                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (3254)
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):35600
                                                                                                                                                                            Entropy (8bit):5.371268045874134
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:768:l5pq/Ku4fmBC5ReOpDLzQlFbaXfsW9l+X9hJYFn5OMF5CBHxaXfsW9l+X9hJYM2m:l58/Ku4fmBC5ReOpDLabaXfsW9l+X9hv
                                                                                                                                                                            MD5:EA7753F59654EF37A7F6799A60952CA8
                                                                                                                                                                            SHA1:DE3813A89E14D096E2F70A3CA2E31D54D00A387B
                                                                                                                                                                            SHA-256:7F80A26822F4DB00D81DF1BEE99271E8ABEEA95A026EA1A9EDAD368CC790AA0C
                                                                                                                                                                            SHA-512:041A7170EB340D592D8C2D5923BB8B1AA8CF148A1D8EB3362F6BBD27D4C02101D924F082C9C662B3807C67E5F6689138B3AEB35D1E7860D27ADD888EC66CA981
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Reputation:low
                                                                                                                                                                            Preview:<!DOCTYPE html>.<html class=" responsive" lang="en">.<head>..<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">....<meta name="viewport" content="width=device-width,initial-scale=1">...<meta name="theme-color" content="#171a21">...<title>Steam Community :: g88pa https://95.217.25.228|</title>..<link rel="shortcut icon" href="/favicon.ico" type="image/x-icon">.......<link href="https://community.cloudflare.steamstatic.com/public/shared/css/motiva_sans.css?v=nc69vwog8R9p&amp;l=english&amp;_cdn=cloudflare" rel="stylesheet" type="text/css">.<link href="https://community.cloudflare.steamstatic.com/public/shared/css/buttons.css?v=G3UTKgHH4xLD&amp;l=english&amp;_cdn=cloudflare" rel="stylesheet" type="text/css">.<link href="https://community.cloudflare.steamstatic.com/public/shared/css/shared_global.css?v=sd6kCnGQW5Ji&amp;l=english&amp;_cdn=cloudflare" rel="stylesheet" type="text/css">.<link href="https://community.cloudflare.steamstatic.com/public/css/globalv2.css?v=i_iuPUaT8

                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\76561199803837316[1].htm

                                                                                                                                                                            Download File
                                                                                                                                                                            Process:C:\Users\user\Desktop\4hQFnbWlj8.exe
                                                                                                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (3254)
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):35600
                                                                                                                                                                            Entropy (8bit):5.371214968843758
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:768:l5pq/Ku4fmBC5ReOpDLzQlFbaXfsW9l+X9hJYFn5OMF5CBHxaXfsW9l+X9hJYM2c:l58/Ku4fmBC5ReOpDLabaXfsW9l+X9hN
                                                                                                                                                                            MD5:F5E2749462FDDCE2B8556293093D8704
                                                                                                                                                                            SHA1:4334B46666E093EFE31638FA43EEC78916469699
                                                                                                                                                                            SHA-256:15D942CBD3D870D2532450F4A9A477FAD32E3B3D20A0D58C9A38BF2609451900
                                                                                                                                                                            SHA-512:7134329256CB41F4019468CEE4E2CD3A46AC31B16EB841E359EEE0D10520C2C0AB9EF85F3AE21BF6D58741FC7FAFCE1CE8DB84D42790F14A3C12F9D001C88ABE
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Reputation:low
                                                                                                                                                                            Preview:<!DOCTYPE html>.<html class=" responsive" lang="en">.<head>..<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">....<meta name="viewport" content="width=device-width,initial-scale=1">...<meta name="theme-color" content="#171a21">...<title>Steam Community :: g88pa https://95.217.25.228|</title>..<link rel="shortcut icon" href="/favicon.ico" type="image/x-icon">.......<link href="https://community.cloudflare.steamstatic.com/public/shared/css/motiva_sans.css?v=nc69vwog8R9p&amp;l=english&amp;_cdn=cloudflare" rel="stylesheet" type="text/css">.<link href="https://community.cloudflare.steamstatic.com/public/shared/css/buttons.css?v=G3UTKgHH4xLD&amp;l=english&amp;_cdn=cloudflare" rel="stylesheet" type="text/css">.<link href="https://community.cloudflare.steamstatic.com/public/shared/css/shared_global.css?v=sd6kCnGQW5Ji&amp;l=english&amp;_cdn=cloudflare" rel="stylesheet" type="text/css">.<link href="https://community.cloudflare.steamstatic.com/public/css/globalv2.css?v=i_iuPUaT8

                                                                                                                                                                            \Device\ConDrv

                                                                                                                                                                            Download File
                                                                                                                                                                            Process:C:\Users\user\Desktop\4hQFnbWlj8.exe
                                                                                                                                                                            File Type:very short file (no magic)
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):1
                                                                                                                                                                            Entropy (8bit):0.0
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:3:V:V
                                                                                                                                                                            MD5:CFCD208495D565EF66E7DFF9F98764DA
                                                                                                                                                                            SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
                                                                                                                                                                            SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
                                                                                                                                                                            SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Reputation:high, very likely benign file
                                                                                                                                                                            Preview:0

                                                                                                                                                                            Static File Info

                                                                                                                                                                            General

                                                                                                                                                                            File type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                            Entropy (8bit):7.391713485730794
                                                                                                                                                                            TrID:
                                                                                                                                                                            • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                            • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                            • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                            File name:4hQFnbWlj8.exe
                                                                                                                                                                            File size:1'122'304 bytes
                                                                                                                                                                            MD5:4ce2ce1838b14b0dda1477b7d5c57e9e
                                                                                                                                                                            SHA1:2a325cbebf2b6e5dc0a86a515673f78a215b8877
                                                                                                                                                                            SHA256:d0379319a04dc9cfb050269fb99c68d574d11e3b10da6a10b8a984eb6b1324d4
                                                                                                                                                                            SHA512:b9d533eb829f0a91180ec68f5b2adc341ed6f0cb0391452823763a09d7cac39e0f9dc62c0679e30dba94b0ff647d7ee9426f886ebb879697a2efd8d787229cad
                                                                                                                                                                            SSDEEP:24576:vEN/si2azuLhn21szZkveEPNoYeOvxV3mhfyHU4Cvb6cnZOmKOWA7:ONz3aWeE6YTifyHU4CD6cZoO5
                                                                                                                                                                            TLSH:D6355B04E911D1AFFE0D59B2915882C85C539B200F71C9E7BEAD6E253FEE7B21C26352
                                                                                                                                                                            File Content Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...?3Hg..........................................@.......................................@..................................;..P..

                                                                                                                                                                            File Icon

                                                                                                                                                                            Icon Hash:90cececece8e8eb0

                                                                                                                                                                            Static PE Info

                                                                                                                                                                            General

                                                                                                                                                                            Entrypoint:0x489dec
                                                                                                                                                                            Entrypoint Section:.text
                                                                                                                                                                            Digitally signed:false
                                                                                                                                                                            Imagebase:0x400000
                                                                                                                                                                            Subsystem:windows cui
                                                                                                                                                                            Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                            DLL Characteristics:DYNAMIC_BASE, NO_ISOLATION, TERMINAL_SERVER_AWARE
                                                                                                                                                                            Time Stamp:0x6748333F [Thu Nov 28 09:09:19 2024 UTC]
                                                                                                                                                                            TLS Callbacks:
                                                                                                                                                                            CLR (.Net) Version:
                                                                                                                                                                            OS Version Major:6
                                                                                                                                                                            OS Version Minor:0
                                                                                                                                                                            File Version Major:6
                                                                                                                                                                            File Version Minor:0
                                                                                                                                                                            Subsystem Version Major:6
                                                                                                                                                                            Subsystem Version Minor:0
                                                                                                                                                                            Import Hash:bb056fb7e1da8cae84145e3bec77d9d4

                                                                                                                                                                            Entrypoint Preview

                                                                                                                                                                            Instruction
                                                                                                                                                                            call 00007FAA34BB3CAAh
                                                                                                                                                                            jmp 00007FAA34BB3B19h
                                                                                                                                                                            mov ecx, dword ptr [004A7584h]
                                                                                                                                                                            push esi
                                                                                                                                                                            push edi
                                                                                                                                                                            mov edi, BB40E64Eh
                                                                                                                                                                            mov esi, FFFF0000h
                                                                                                                                                                            cmp ecx, edi
                                                                                                                                                                            je 00007FAA34BB3CA6h
                                                                                                                                                                            test esi, ecx
                                                                                                                                                                            jne 00007FAA34BB3CC8h
                                                                                                                                                                            call 00007FAA34BB3CD1h
                                                                                                                                                                            mov ecx, eax
                                                                                                                                                                            cmp ecx, edi
                                                                                                                                                                            jne 00007FAA34BB3CA9h
                                                                                                                                                                            mov ecx, BB40E64Fh
                                                                                                                                                                            jmp 00007FAA34BB3CB0h
                                                                                                                                                                            test esi, ecx
                                                                                                                                                                            jne 00007FAA34BB3CACh
                                                                                                                                                                            or eax, 00004711h
                                                                                                                                                                            shl eax, 10h
                                                                                                                                                                            or ecx, eax
                                                                                                                                                                            mov dword ptr [004A7584h], ecx
                                                                                                                                                                            not ecx
                                                                                                                                                                            pop edi
                                                                                                                                                                            mov dword ptr [004A7580h], ecx
                                                                                                                                                                            pop esi
                                                                                                                                                                            ret
                                                                                                                                                                            push ebp
                                                                                                                                                                            mov ebp, esp
                                                                                                                                                                            sub esp, 14h
                                                                                                                                                                            and dword ptr [ebp-0Ch], 00000000h
                                                                                                                                                                            lea eax, dword ptr [ebp-0Ch]
                                                                                                                                                                            and dword ptr [ebp-08h], 00000000h
                                                                                                                                                                            push eax
                                                                                                                                                                            call dword ptr [004A3E30h]
                                                                                                                                                                            mov eax, dword ptr [ebp-08h]
                                                                                                                                                                            xor eax, dword ptr [ebp-0Ch]
                                                                                                                                                                            mov dword ptr [ebp-04h], eax
                                                                                                                                                                            call dword ptr [004A3DECh]
                                                                                                                                                                            xor dword ptr [ebp-04h], eax
                                                                                                                                                                            call dword ptr [004A3DE8h]
                                                                                                                                                                            xor dword ptr [ebp-04h], eax
                                                                                                                                                                            lea eax, dword ptr [ebp-14h]
                                                                                                                                                                            push eax
                                                                                                                                                                            call dword ptr [004A3E7Ch]
                                                                                                                                                                            mov eax, dword ptr [ebp-10h]
                                                                                                                                                                            lea ecx, dword ptr [ebp-04h]
                                                                                                                                                                            xor eax, dword ptr [ebp-14h]
                                                                                                                                                                            xor eax, dword ptr [ebp-04h]
                                                                                                                                                                            xor eax, ecx
                                                                                                                                                                            leave
                                                                                                                                                                            ret
                                                                                                                                                                            mov eax, 00004000h
                                                                                                                                                                            ret
                                                                                                                                                                            push 004A9F00h
                                                                                                                                                                            call dword ptr [004A3E58h]
                                                                                                                                                                            ret
                                                                                                                                                                            mov al, 01h
                                                                                                                                                                            ret
                                                                                                                                                                            push 00030000h
                                                                                                                                                                            push 00010000h
                                                                                                                                                                            push 00000000h
                                                                                                                                                                            call 00007FAA34BB75A1h

                                                                                                                                                                            Data Directories

                                                                                                                                                                            NameVirtual AddressVirtual Size Is in Section
                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_IMPORT0xa3b800x50.rdata
                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_RESOURCE0x00x0
                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_BASERELOC0xad0000x4eac.reloc
                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_TLS0xa08c80x18.rdata
                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x9d4b00xc0.rdata
                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_IAT0xa3d800x1b0.rdata
                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                                                                            Sections

                                                                                                                                                                            NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                                                            .text0x10000x9aa4a0x9ac0051cea9163c25a66dbd0f4334aba7a1d8False0.37038223192649433data6.647891981343546IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                                                                            .rdata0x9c0000x902c0x9200b2fc8022f0ee28ee55dccbd98c0ad6a4False0.440255779109589TeX font metric data5.000677868033684IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                            .data0xa60000x45ec0x22002afda32a0303344a92e89994b1f98098False0.322265625data5.341604192494311IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                            .00cfg0xab0000x80x200acb3c1b9f0ee872b31028ec712d9625bFalse0.03125OpenPGP Public Key0.06116285224115448IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                            .tls0xac0000x90x2001f354d76203061bfdd5a53dae48d5435False0.033203125data0.020393135236084953IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                            .reloc0xad0000x4eac0x500095f38d2925dfbd52937d2a6173327064False0.739990234375data6.700858066983583IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                                                                                                                                                            .bss0xb20000x666000x66600a1cad7b361cbf3f3bc118bb43bf3d7c5False1.0003243284493284data7.999546477236083IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

                                                                                                                                                                            Imports

                                                                                                                                                                            DLLImport
                                                                                                                                                                            KERNEL32.dllAcquireSRWLockExclusive, CloseHandle, CloseThreadpoolWork, CompareStringW, CreateEventW, CreateFileW, CreateThreadpoolWork, DecodePointer, DeleteCriticalSection, EncodePointer, EnterCriticalSection, ExitProcess, FindClose, FindFirstFileExW, FindNextFileW, FlushFileBuffers, FreeEnvironmentStringsW, FreeLibrary, FreeLibraryWhenCallbackReturns, GetACP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetConsoleMode, GetConsoleOutputCP, GetCurrentProcess, GetCurrentProcessId, GetCurrentThreadId, GetEnvironmentStringsW, GetFileSize, GetFileSizeEx, GetFileType, GetLastError, GetModuleFileNameA, GetModuleFileNameW, GetModuleHandleA, GetModuleHandleExW, GetModuleHandleW, GetOEMCP, GetProcAddress, GetProcessHeap, GetStartupInfoW, GetStdHandle, GetStringTypeW, GetSystemTimeAsFileTime, HeapAlloc, HeapFree, HeapReAlloc, HeapSize, InitOnceBeginInitialize, InitOnceComplete, InitializeConditionVariable, InitializeCriticalSectionAndSpinCount, InitializeCriticalSectionEx, InitializeSListHead, InitializeSRWLock, IsDebuggerPresent, IsProcessorFeaturePresent, IsValidCodePage, LCMapStringW, LeaveCriticalSection, LoadLibraryExW, MultiByteToWideChar, QueryPerformanceCounter, RaiseException, ReadFile, ReleaseSRWLockExclusive, ResetEvent, RtlUnwind, SetEnvironmentVariableW, SetEvent, SetFilePointerEx, SetLastError, SetStdHandle, SetUnhandledExceptionFilter, SleepConditionVariableCS, SleepConditionVariableSRW, SubmitThreadpoolWork, TerminateProcess, TlsAlloc, TlsFree, TlsGetValue, TlsSetValue, TryEnterCriticalSection, UnhandledExceptionFilter, VirtualAlloc, VirtualFree, WaitForSingleObjectEx, WakeAllConditionVariable, WakeConditionVariable, WideCharToMultiByte, WriteConsoleW, WriteFile
                                                                                                                                                                            USER32.dllBeginPaint, CreateWindowExW, DefWindowProcW, DispatchMessageW, EndPaint, GetMessageW, PostQuitMessage, RegisterClassW, ShowWindow, TranslateMessage, UpdateWindow
                                                                                                                                                                            GDI32.dllTextOutW

                                                                                                                                                                            Network Behavior

                                                                                                                                                                            Suricata IDS Alerts

                                                                                                                                                                            TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                                                                                                            2025-01-10T16:24:45.367484+01002028765ET JA3 Hash - [Abuse.ch] Possible Dridex3192.168.2.45001595.217.25.228443TCP
                                                                                                                                                                            2025-01-10T16:25:19.902408+01002028765ET JA3 Hash - [Abuse.ch] Possible Dridex3192.168.2.44973795.217.25.228443TCP
                                                                                                                                                                            2025-01-10T16:25:54.276605+01002028765ET JA3 Hash - [Abuse.ch] Possible Dridex3192.168.2.44974195.217.25.228443TCP
                                                                                                                                                                            2025-01-10T16:26:28.523577+01002028765ET JA3 Hash - [Abuse.ch] Possible Dridex3192.168.2.44984795.217.25.228443TCP

                                                                                                                                                                            Network Port Distribution

                                                                                                                                                                            TCP Packets

                                                                                                                                                                            TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                            Jan 10, 2025 16:24:45.384510994 CET49735443192.168.2.4149.154.167.99
                                                                                                                                                                            Jan 10, 2025 16:24:45.384553909 CET44349735149.154.167.99192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:24:45.384612083 CET49735443192.168.2.4149.154.167.99
                                                                                                                                                                            Jan 10, 2025 16:24:45.411201000 CET49735443192.168.2.4149.154.167.99
                                                                                                                                                                            Jan 10, 2025 16:24:45.411230087 CET44349735149.154.167.99192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:24:46.037014961 CET44349735149.154.167.99192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:24:46.037391901 CET49735443192.168.2.4149.154.167.99
                                                                                                                                                                            Jan 10, 2025 16:24:46.091434956 CET49735443192.168.2.4149.154.167.99
                                                                                                                                                                            Jan 10, 2025 16:24:46.091456890 CET44349735149.154.167.99192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:24:46.091917992 CET44349735149.154.167.99192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:24:46.092020988 CET49735443192.168.2.4149.154.167.99
                                                                                                                                                                            Jan 10, 2025 16:24:46.095832109 CET49735443192.168.2.4149.154.167.99
                                                                                                                                                                            Jan 10, 2025 16:24:46.139364958 CET44349735149.154.167.99192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:24:46.341212034 CET44349735149.154.167.99192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:24:46.341244936 CET44349735149.154.167.99192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:24:46.341322899 CET44349735149.154.167.99192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:24:46.341336012 CET44349735149.154.167.99192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:24:46.341408968 CET49735443192.168.2.4149.154.167.99
                                                                                                                                                                            Jan 10, 2025 16:24:46.341408968 CET49735443192.168.2.4149.154.167.99
                                                                                                                                                                            Jan 10, 2025 16:24:46.365092993 CET49735443192.168.2.4149.154.167.99
                                                                                                                                                                            Jan 10, 2025 16:24:46.365118027 CET44349735149.154.167.99192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:24:46.391016960 CET49736443192.168.2.4104.102.49.254
                                                                                                                                                                            Jan 10, 2025 16:24:46.391071081 CET44349736104.102.49.254192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:24:46.391338110 CET49736443192.168.2.4104.102.49.254
                                                                                                                                                                            Jan 10, 2025 16:24:46.391521931 CET49736443192.168.2.4104.102.49.254
                                                                                                                                                                            Jan 10, 2025 16:24:46.391544104 CET44349736104.102.49.254192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:24:47.065541029 CET44349736104.102.49.254192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:24:47.065893888 CET49736443192.168.2.4104.102.49.254
                                                                                                                                                                            Jan 10, 2025 16:24:47.070643902 CET49736443192.168.2.4104.102.49.254
                                                                                                                                                                            Jan 10, 2025 16:24:47.070656061 CET44349736104.102.49.254192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:24:47.070914984 CET44349736104.102.49.254192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:24:47.071089029 CET49736443192.168.2.4104.102.49.254
                                                                                                                                                                            Jan 10, 2025 16:24:47.071732998 CET49736443192.168.2.4104.102.49.254
                                                                                                                                                                            Jan 10, 2025 16:24:47.115331888 CET44349736104.102.49.254192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:24:47.570106030 CET44349736104.102.49.254192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:24:47.570127010 CET44349736104.102.49.254192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:24:47.570164919 CET44349736104.102.49.254192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:24:47.570225954 CET49736443192.168.2.4104.102.49.254
                                                                                                                                                                            Jan 10, 2025 16:24:47.570252895 CET44349736104.102.49.254192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:24:47.570293903 CET49736443192.168.2.4104.102.49.254
                                                                                                                                                                            Jan 10, 2025 16:24:47.570971966 CET49736443192.168.2.4104.102.49.254
                                                                                                                                                                            Jan 10, 2025 16:24:47.664623976 CET44349736104.102.49.254192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:24:47.664664984 CET44349736104.102.49.254192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:24:47.664773941 CET49736443192.168.2.4104.102.49.254
                                                                                                                                                                            Jan 10, 2025 16:24:47.664774895 CET49736443192.168.2.4104.102.49.254
                                                                                                                                                                            Jan 10, 2025 16:24:47.664813995 CET44349736104.102.49.254192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:24:47.664868116 CET49736443192.168.2.4104.102.49.254
                                                                                                                                                                            Jan 10, 2025 16:24:47.669636965 CET44349736104.102.49.254192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:24:47.669717073 CET49736443192.168.2.4104.102.49.254
                                                                                                                                                                            Jan 10, 2025 16:24:47.674199104 CET44349736104.102.49.254192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:24:47.674268961 CET44349736104.102.49.254192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:24:47.674289942 CET49736443192.168.2.4104.102.49.254
                                                                                                                                                                            Jan 10, 2025 16:24:47.674356937 CET49736443192.168.2.4104.102.49.254
                                                                                                                                                                            Jan 10, 2025 16:24:47.674356937 CET49736443192.168.2.4104.102.49.254
                                                                                                                                                                            Jan 10, 2025 16:24:47.674405098 CET49736443192.168.2.4104.102.49.254
                                                                                                                                                                            Jan 10, 2025 16:24:47.734966993 CET49737443192.168.2.495.217.25.228
                                                                                                                                                                            Jan 10, 2025 16:24:47.735021114 CET4434973795.217.25.228192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:24:47.735126019 CET49737443192.168.2.495.217.25.228
                                                                                                                                                                            Jan 10, 2025 16:24:47.735575914 CET49737443192.168.2.495.217.25.228
                                                                                                                                                                            Jan 10, 2025 16:24:47.735591888 CET4434973795.217.25.228192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:25:19.902407885 CET49737443192.168.2.495.217.25.228
                                                                                                                                                                            Jan 10, 2025 16:25:19.904234886 CET49739443192.168.2.4149.154.167.99
                                                                                                                                                                            Jan 10, 2025 16:25:19.904277086 CET44349739149.154.167.99192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:25:19.904339075 CET49739443192.168.2.4149.154.167.99
                                                                                                                                                                            Jan 10, 2025 16:25:19.904681921 CET49739443192.168.2.4149.154.167.99
                                                                                                                                                                            Jan 10, 2025 16:25:19.904699087 CET44349739149.154.167.99192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:25:20.514100075 CET44349739149.154.167.99192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:25:20.514168978 CET49739443192.168.2.4149.154.167.99
                                                                                                                                                                            Jan 10, 2025 16:25:20.514808893 CET49739443192.168.2.4149.154.167.99
                                                                                                                                                                            Jan 10, 2025 16:25:20.514820099 CET44349739149.154.167.99192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:25:20.516889095 CET49739443192.168.2.4149.154.167.99
                                                                                                                                                                            Jan 10, 2025 16:25:20.516899109 CET44349739149.154.167.99192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:25:20.808765888 CET44349739149.154.167.99192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:25:20.808801889 CET44349739149.154.167.99192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:25:20.808845043 CET44349739149.154.167.99192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:25:20.808887005 CET44349739149.154.167.99192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:25:20.809264898 CET49739443192.168.2.4149.154.167.99
                                                                                                                                                                            Jan 10, 2025 16:25:20.809264898 CET49739443192.168.2.4149.154.167.99
                                                                                                                                                                            Jan 10, 2025 16:25:20.809264898 CET49739443192.168.2.4149.154.167.99
                                                                                                                                                                            Jan 10, 2025 16:25:20.830127001 CET49740443192.168.2.4104.102.49.254
                                                                                                                                                                            Jan 10, 2025 16:25:20.830188036 CET44349740104.102.49.254192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:25:20.830269098 CET49740443192.168.2.4104.102.49.254
                                                                                                                                                                            Jan 10, 2025 16:25:20.830537081 CET49740443192.168.2.4104.102.49.254
                                                                                                                                                                            Jan 10, 2025 16:25:20.830553055 CET44349740104.102.49.254192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:25:21.120038033 CET49739443192.168.2.4149.154.167.99
                                                                                                                                                                            Jan 10, 2025 16:25:21.120065928 CET44349739149.154.167.99192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:25:21.496165991 CET44349740104.102.49.254192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:25:21.496260881 CET49740443192.168.2.4104.102.49.254
                                                                                                                                                                            Jan 10, 2025 16:25:21.496756077 CET49740443192.168.2.4104.102.49.254
                                                                                                                                                                            Jan 10, 2025 16:25:21.496771097 CET44349740104.102.49.254192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:25:21.498524904 CET49740443192.168.2.4104.102.49.254
                                                                                                                                                                            Jan 10, 2025 16:25:21.498541117 CET44349740104.102.49.254192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:25:22.031745911 CET44349740104.102.49.254192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:25:22.031771898 CET44349740104.102.49.254192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:25:22.031790972 CET44349740104.102.49.254192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:25:22.031809092 CET49740443192.168.2.4104.102.49.254
                                                                                                                                                                            Jan 10, 2025 16:25:22.031830072 CET44349740104.102.49.254192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:25:22.031841993 CET49740443192.168.2.4104.102.49.254
                                                                                                                                                                            Jan 10, 2025 16:25:22.031872988 CET49740443192.168.2.4104.102.49.254
                                                                                                                                                                            Jan 10, 2025 16:25:22.131386995 CET44349740104.102.49.254192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:25:22.131417990 CET44349740104.102.49.254192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:25:22.131484985 CET49740443192.168.2.4104.102.49.254
                                                                                                                                                                            Jan 10, 2025 16:25:22.131498098 CET44349740104.102.49.254192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:25:22.131545067 CET49740443192.168.2.4104.102.49.254
                                                                                                                                                                            Jan 10, 2025 16:25:22.134121895 CET44349740104.102.49.254192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:25:22.134177923 CET49740443192.168.2.4104.102.49.254
                                                                                                                                                                            Jan 10, 2025 16:25:22.134182930 CET44349740104.102.49.254192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:25:22.134219885 CET49740443192.168.2.4104.102.49.254
                                                                                                                                                                            Jan 10, 2025 16:25:22.134226084 CET44349740104.102.49.254192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:25:22.134252071 CET44349740104.102.49.254192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:25:22.134275913 CET49740443192.168.2.4104.102.49.254
                                                                                                                                                                            Jan 10, 2025 16:25:22.134284019 CET49740443192.168.2.4104.102.49.254
                                                                                                                                                                            Jan 10, 2025 16:25:22.135730028 CET49740443192.168.2.4104.102.49.254
                                                                                                                                                                            Jan 10, 2025 16:25:22.135745049 CET44349740104.102.49.254192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:25:22.187655926 CET49741443192.168.2.495.217.25.228
                                                                                                                                                                            Jan 10, 2025 16:25:22.187701941 CET4434974195.217.25.228192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:25:22.187758923 CET49741443192.168.2.495.217.25.228
                                                                                                                                                                            Jan 10, 2025 16:25:22.188308001 CET49741443192.168.2.495.217.25.228
                                                                                                                                                                            Jan 10, 2025 16:25:22.188318014 CET4434974195.217.25.228192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:25:54.276604891 CET49741443192.168.2.495.217.25.228
                                                                                                                                                                            Jan 10, 2025 16:25:54.291186094 CET49831443192.168.2.4149.154.167.99
                                                                                                                                                                            Jan 10, 2025 16:25:54.291237116 CET44349831149.154.167.99192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:25:54.291318893 CET49831443192.168.2.4149.154.167.99
                                                                                                                                                                            Jan 10, 2025 16:25:54.291547060 CET49831443192.168.2.4149.154.167.99
                                                                                                                                                                            Jan 10, 2025 16:25:54.291559935 CET44349831149.154.167.99192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:25:54.910840034 CET44349831149.154.167.99192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:25:54.910928965 CET49831443192.168.2.4149.154.167.99
                                                                                                                                                                            Jan 10, 2025 16:25:54.911695957 CET49831443192.168.2.4149.154.167.99
                                                                                                                                                                            Jan 10, 2025 16:25:54.911701918 CET44349831149.154.167.99192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:25:54.920933962 CET49831443192.168.2.4149.154.167.99
                                                                                                                                                                            Jan 10, 2025 16:25:54.920939922 CET44349831149.154.167.99192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:25:55.166754961 CET44349831149.154.167.99192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:25:55.166783094 CET44349831149.154.167.99192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:25:55.166814089 CET44349831149.154.167.99192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:25:55.166817904 CET49831443192.168.2.4149.154.167.99
                                                                                                                                                                            Jan 10, 2025 16:25:55.166846037 CET44349831149.154.167.99192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:25:55.166865110 CET44349831149.154.167.99192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:25:55.166870117 CET49831443192.168.2.4149.154.167.99
                                                                                                                                                                            Jan 10, 2025 16:25:55.166944027 CET49831443192.168.2.4149.154.167.99
                                                                                                                                                                            Jan 10, 2025 16:25:55.167263031 CET49831443192.168.2.4149.154.167.99
                                                                                                                                                                            Jan 10, 2025 16:25:55.167279005 CET44349831149.154.167.99192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:25:55.188100100 CET49837443192.168.2.4104.102.49.254
                                                                                                                                                                            Jan 10, 2025 16:25:55.188128948 CET44349837104.102.49.254192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:25:55.188446999 CET49837443192.168.2.4104.102.49.254
                                                                                                                                                                            Jan 10, 2025 16:25:55.188446999 CET49837443192.168.2.4104.102.49.254
                                                                                                                                                                            Jan 10, 2025 16:25:55.188469887 CET44349837104.102.49.254192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:25:55.818173885 CET44349837104.102.49.254192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:25:55.818317890 CET49837443192.168.2.4104.102.49.254
                                                                                                                                                                            Jan 10, 2025 16:25:55.818882942 CET49837443192.168.2.4104.102.49.254
                                                                                                                                                                            Jan 10, 2025 16:25:55.818892956 CET44349837104.102.49.254192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:25:55.820636988 CET49837443192.168.2.4104.102.49.254
                                                                                                                                                                            Jan 10, 2025 16:25:55.820641994 CET44349837104.102.49.254192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:25:56.321593046 CET44349837104.102.49.254192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:25:56.321625948 CET44349837104.102.49.254192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:25:56.321650982 CET44349837104.102.49.254192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:25:56.321729898 CET49837443192.168.2.4104.102.49.254
                                                                                                                                                                            Jan 10, 2025 16:25:56.321729898 CET49837443192.168.2.4104.102.49.254
                                                                                                                                                                            Jan 10, 2025 16:25:56.321743965 CET44349837104.102.49.254192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:25:56.321804047 CET49837443192.168.2.4104.102.49.254
                                                                                                                                                                            Jan 10, 2025 16:25:56.419461012 CET44349837104.102.49.254192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:25:56.419487000 CET44349837104.102.49.254192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:25:56.419734001 CET49837443192.168.2.4104.102.49.254
                                                                                                                                                                            Jan 10, 2025 16:25:56.419747114 CET44349837104.102.49.254192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:25:56.419843912 CET49837443192.168.2.4104.102.49.254
                                                                                                                                                                            Jan 10, 2025 16:25:56.424612999 CET44349837104.102.49.254192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:25:56.424686909 CET49837443192.168.2.4104.102.49.254
                                                                                                                                                                            Jan 10, 2025 16:25:56.431036949 CET44349837104.102.49.254192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:25:56.431111097 CET44349837104.102.49.254192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:25:56.431147099 CET49837443192.168.2.4104.102.49.254
                                                                                                                                                                            Jan 10, 2025 16:25:56.431147099 CET49837443192.168.2.4104.102.49.254
                                                                                                                                                                            Jan 10, 2025 16:25:56.431204081 CET49837443192.168.2.4104.102.49.254
                                                                                                                                                                            Jan 10, 2025 16:25:56.431221008 CET44349837104.102.49.254192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:25:56.431284904 CET49837443192.168.2.4104.102.49.254
                                                                                                                                                                            Jan 10, 2025 16:25:56.431324005 CET49837443192.168.2.4104.102.49.254
                                                                                                                                                                            Jan 10, 2025 16:25:56.446736097 CET49847443192.168.2.495.217.25.228
                                                                                                                                                                            Jan 10, 2025 16:25:56.446794033 CET4434984795.217.25.228192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:25:56.446888924 CET49847443192.168.2.495.217.25.228
                                                                                                                                                                            Jan 10, 2025 16:25:56.447182894 CET49847443192.168.2.495.217.25.228
                                                                                                                                                                            Jan 10, 2025 16:25:56.447263956 CET4434984795.217.25.228192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:26:28.523576975 CET49847443192.168.2.495.217.25.228
                                                                                                                                                                            Jan 10, 2025 16:26:28.525770903 CET50012443192.168.2.4149.154.167.99
                                                                                                                                                                            Jan 10, 2025 16:26:28.525815010 CET44350012149.154.167.99192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:26:28.525898933 CET50012443192.168.2.4149.154.167.99
                                                                                                                                                                            Jan 10, 2025 16:26:28.527127028 CET50012443192.168.2.4149.154.167.99
                                                                                                                                                                            Jan 10, 2025 16:26:28.527144909 CET44350012149.154.167.99192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:26:29.160660028 CET44350012149.154.167.99192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:26:29.160744905 CET50012443192.168.2.4149.154.167.99
                                                                                                                                                                            Jan 10, 2025 16:26:29.164288998 CET50012443192.168.2.4149.154.167.99
                                                                                                                                                                            Jan 10, 2025 16:26:29.164299965 CET44350012149.154.167.99192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:26:29.166265011 CET50012443192.168.2.4149.154.167.99
                                                                                                                                                                            Jan 10, 2025 16:26:29.166280031 CET44350012149.154.167.99192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:26:29.453147888 CET44350012149.154.167.99192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:26:29.453175068 CET44350012149.154.167.99192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:26:29.453212023 CET44350012149.154.167.99192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:26:29.453248978 CET44350012149.154.167.99192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:26:29.453291893 CET50012443192.168.2.4149.154.167.99
                                                                                                                                                                            Jan 10, 2025 16:26:29.453399897 CET50012443192.168.2.4149.154.167.99
                                                                                                                                                                            Jan 10, 2025 16:26:29.453576088 CET50012443192.168.2.4149.154.167.99
                                                                                                                                                                            Jan 10, 2025 16:26:29.453600883 CET44350012149.154.167.99192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:26:29.574181080 CET50013443192.168.2.4149.154.167.99
                                                                                                                                                                            Jan 10, 2025 16:26:29.574225903 CET44350013149.154.167.99192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:26:29.574307919 CET50013443192.168.2.4149.154.167.99
                                                                                                                                                                            Jan 10, 2025 16:26:29.574592113 CET50013443192.168.2.4149.154.167.99
                                                                                                                                                                            Jan 10, 2025 16:26:29.574608088 CET44350013149.154.167.99192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:26:30.196556091 CET44350013149.154.167.99192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:26:30.196666956 CET50013443192.168.2.4149.154.167.99
                                                                                                                                                                            Jan 10, 2025 16:26:30.197190046 CET50013443192.168.2.4149.154.167.99
                                                                                                                                                                            Jan 10, 2025 16:26:30.197208881 CET44350013149.154.167.99192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:26:30.199213028 CET50013443192.168.2.4149.154.167.99
                                                                                                                                                                            Jan 10, 2025 16:26:30.199235916 CET44350013149.154.167.99192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:26:30.485435963 CET44350013149.154.167.99192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:26:30.485457897 CET44350013149.154.167.99192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:26:30.485492945 CET44350013149.154.167.99192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:26:30.485517979 CET44350013149.154.167.99192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:26:30.485531092 CET50013443192.168.2.4149.154.167.99
                                                                                                                                                                            Jan 10, 2025 16:26:30.485589027 CET50013443192.168.2.4149.154.167.99
                                                                                                                                                                            Jan 10, 2025 16:26:30.485805988 CET50013443192.168.2.4149.154.167.99
                                                                                                                                                                            Jan 10, 2025 16:26:30.485819101 CET44350013149.154.167.99192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:26:30.497349024 CET50014443192.168.2.4104.102.49.254
                                                                                                                                                                            Jan 10, 2025 16:26:30.497386932 CET44350014104.102.49.254192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:26:30.497462034 CET50014443192.168.2.4104.102.49.254
                                                                                                                                                                            Jan 10, 2025 16:26:30.497772932 CET50014443192.168.2.4104.102.49.254
                                                                                                                                                                            Jan 10, 2025 16:26:30.497788906 CET44350014104.102.49.254192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:26:31.153584957 CET44350014104.102.49.254192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:26:31.153662920 CET50014443192.168.2.4104.102.49.254
                                                                                                                                                                            Jan 10, 2025 16:26:31.155291080 CET50014443192.168.2.4104.102.49.254
                                                                                                                                                                            Jan 10, 2025 16:26:31.155322075 CET44350014104.102.49.254192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:26:31.158003092 CET50014443192.168.2.4104.102.49.254
                                                                                                                                                                            Jan 10, 2025 16:26:31.158010960 CET44350014104.102.49.254192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:26:31.674498081 CET44350014104.102.49.254192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:26:31.674536943 CET44350014104.102.49.254192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:26:31.674546003 CET44350014104.102.49.254192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:26:31.674587011 CET50014443192.168.2.4104.102.49.254
                                                                                                                                                                            Jan 10, 2025 16:26:31.674618959 CET44350014104.102.49.254192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:26:31.674633980 CET50014443192.168.2.4104.102.49.254
                                                                                                                                                                            Jan 10, 2025 16:26:31.674711943 CET50014443192.168.2.4104.102.49.254
                                                                                                                                                                            Jan 10, 2025 16:26:31.772263050 CET44350014104.102.49.254192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:26:31.772293091 CET44350014104.102.49.254192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:26:31.772351027 CET50014443192.168.2.4104.102.49.254
                                                                                                                                                                            Jan 10, 2025 16:26:31.772367954 CET44350014104.102.49.254192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:26:31.772397995 CET50014443192.168.2.4104.102.49.254
                                                                                                                                                                            Jan 10, 2025 16:26:31.772413969 CET50014443192.168.2.4104.102.49.254
                                                                                                                                                                            Jan 10, 2025 16:26:31.777723074 CET44350014104.102.49.254192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:26:31.777801037 CET50014443192.168.2.4104.102.49.254
                                                                                                                                                                            Jan 10, 2025 16:26:31.777811050 CET44350014104.102.49.254192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:26:31.777837992 CET44350014104.102.49.254192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:26:31.777852058 CET50014443192.168.2.4104.102.49.254
                                                                                                                                                                            Jan 10, 2025 16:26:31.777924061 CET50014443192.168.2.4104.102.49.254
                                                                                                                                                                            Jan 10, 2025 16:26:31.778188944 CET50014443192.168.2.4104.102.49.254
                                                                                                                                                                            Jan 10, 2025 16:26:31.778204918 CET44350014104.102.49.254192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:26:31.828375101 CET50015443192.168.2.495.217.25.228
                                                                                                                                                                            Jan 10, 2025 16:26:31.828411102 CET4435001595.217.25.228192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:26:31.828813076 CET50015443192.168.2.495.217.25.228
                                                                                                                                                                            Jan 10, 2025 16:26:31.828813076 CET50015443192.168.2.495.217.25.228
                                                                                                                                                                            Jan 10, 2025 16:26:31.828843117 CET4435001595.217.25.228192.168.2.4

                                                                                                                                                                            UDP Packets

                                                                                                                                                                            TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                            Jan 10, 2025 16:24:45.367484093 CET5045753192.168.2.41.1.1.1
                                                                                                                                                                            Jan 10, 2025 16:24:45.374916077 CET53504571.1.1.1192.168.2.4
                                                                                                                                                                            Jan 10, 2025 16:24:46.383363962 CET6431853192.168.2.41.1.1.1
                                                                                                                                                                            Jan 10, 2025 16:24:46.390331030 CET53643181.1.1.1192.168.2.4

                                                                                                                                                                            DNS Queries

                                                                                                                                                                            TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                                                                            Jan 10, 2025 16:24:45.367484093 CET192.168.2.41.1.1.10xba22Standard query (0)t.meA (IP address)IN (0x0001)false
                                                                                                                                                                            Jan 10, 2025 16:24:46.383363962 CET192.168.2.41.1.1.10x29dcStandard query (0)steamcommunity.comA (IP address)IN (0x0001)false

                                                                                                                                                                            DNS Answers

                                                                                                                                                                            TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                                                                            Jan 10, 2025 16:24:45.374916077 CET1.1.1.1192.168.2.40xba22No error (0)t.me149.154.167.99A (IP address)IN (0x0001)false
                                                                                                                                                                            Jan 10, 2025 16:24:46.390331030 CET1.1.1.1192.168.2.40x29dcNo error (0)steamcommunity.com104.102.49.254A (IP address)IN (0x0001)false

                                                                                                                                                                            HTTP Request Dependency Graph

                                                                                                                                                                            • t.me
                                                                                                                                                                            • steamcommunity.com

                                                                                                                                                                            HTTPS Proxied Packets

                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                            0192.168.2.449735149.154.167.994437520C:\Users\user\Desktop\4hQFnbWlj8.exe
                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                            2025-01-10 15:24:46 UTC85OUTGET /gv4dlp HTTP/1.1
                                                                                                                                                                            Host: t.me
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            2025-01-10 15:24:46 UTC510INHTTP/1.1 200 OK
                                                                                                                                                                            Server: nginx/1.18.0
                                                                                                                                                                            Date: Fri, 10 Jan 2025 15:24:46 GMT
                                                                                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                                                                                            Content-Length: 9539
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Set-Cookie: stel_ssid=c5ae06305a26fe3b1d_2771885071072910065; expires=Sat, 11 Jan 2025 15:24:46 GMT; path=/; samesite=None; secure; HttpOnly
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Cache-control: no-store
                                                                                                                                                                            X-Frame-Options: ALLOW-FROM https://web.telegram.org
                                                                                                                                                                            Content-Security-Policy: frame-ancestors https://web.telegram.org
                                                                                                                                                                            Strict-Transport-Security: max-age=35768000
                                                                                                                                                                            2025-01-10 15:24:46 UTC9539INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 54 65 6c 65 67 72 61 6d 3a 20 43 6f 6e 74 61 63 74 20 40 67 76 34 64 6c 70 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 73 63 72 69 70 74 3e 74 72 79 7b 69 66 28 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 21 3d 6e 75 6c 6c 26 26 77 69 6e 64 6f 77 21 3d 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 29 7b 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74
                                                                                                                                                                            Data Ascii: <!DOCTYPE html><html> <head> <meta charset="utf-8"> <title>Telegram: Contact @gv4dlp</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <script>try{if(window.parent!=null&&window!=window.parent){window.parent


                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                            1192.168.2.449736104.102.49.2544437520C:\Users\user\Desktop\4hQFnbWlj8.exe
                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                            2025-01-10 15:24:47 UTC119OUTGET /profiles/76561199803837316 HTTP/1.1
                                                                                                                                                                            Host: steamcommunity.com
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            2025-01-10 15:24:47 UTC1917INHTTP/1.1 200 OK
                                                                                                                                                                            Server: nginx
                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                            Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https:// [TRUNCATED]
                                                                                                                                                                            Expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Date: Fri, 10 Jan 2025 15:24:47 GMT
                                                                                                                                                                            Content-Length: 35600
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Set-Cookie: sessionid=da5101e589816dbc6a430faa; Path=/; Secure; SameSite=None
                                                                                                                                                                            Set-Cookie: steamCountry=US%7C185ce35c568ebbb18a145d0cabae7186; Path=/; Secure; HttpOnly; SameSite=None
                                                                                                                                                                            2025-01-10 15:24:47 UTC14467INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0a 09 09 3c 74 69 74 6c 65 3e
                                                                                                                                                                            Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><title>
                                                                                                                                                                            2025-01-10 15:24:47 UTC16384INData Raw: 09 09 09 09 09 09 09 09 09 09 09 09 3c 61 20 63 6c 61 73 73 3d 22 73 75 62 6d 65 6e 75 69 74 65 6d 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 74 65 61 6d 63 6f 6d 6d 75 6e 69 74 79 2e 63 6f 6d 2f 77 6f 72 6b 73 68 6f 70 2f 22 3e 0a 09 09 09 09 09 09 57 6f 72 6b 73 68 6f 70 09 09 09 09 09 09 09 09 09 09 09 3c 2f 61 3e 0a 09 09 09 09 09 09 09 09 09 09 09 09 09 09 3c 61 20 63 6c 61 73 73 3d 22 73 75 62 6d 65 6e 75 69 74 65 6d 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 74 65 61 6d 63 6f 6d 6d 75 6e 69 74 79 2e 63 6f 6d 2f 6d 61 72 6b 65 74 2f 22 3e 0a 09 09 09 09 09 09 4d 61 72 6b 65 74 09 09 09 09 09 09 09 09 09 09 09 3c 2f 61 3e 0a 09 09 09 09 09 09 09 09 09 09 09 09 09 09 3c 61 20 63 6c 61 73 73 3d 22 73 75 62 6d 65 6e 75 69 74 65 6d 22 20
                                                                                                                                                                            Data Ascii: <a class="submenuitem" href="https://steamcommunity.com/workshop/">Workshop</a><a class="submenuitem" href="https://steamcommunity.com/market/">Market</a><a class="submenuitem"
                                                                                                                                                                            2025-01-10 15:24:47 UTC3768INData Raw: 09 09 3c 2f 64 69 76 3e 0a 09 09 09 09 3c 2f 64 69 76 3e 0a 0a 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 72 6f 66 69 6c 65 5f 68 65 61 64 65 72 5f 62 61 64 67 65 69 6e 66 6f 22 3e 0a 09 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 72 6f 66 69 6c 65 5f 68 65 61 64 65 72 5f 62 61 64 67 65 69 6e 66 6f 5f 62 61 64 67 65 5f 61 72 65 61 22 3e 0a 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 3c 61 20 64 61 74 61 2d 70 61 6e 65 6c 3d 22 7b 26 71 75 6f 74 3b 66 6f 63 75 73 61 62 6c 65 26 71 75 6f 74 3b 3a 74 72 75 65 2c 26 71 75 6f 74 3b 63 6c 69 63 6b 4f 6e 41 63 74 69 76 61 74 65 26 71 75 6f 74 3b 3a 74 72 75 65 7d 22 20 63 6c 61 73 73 3d 22 70 65 72 73 6f 6e 61 5f 6c 65 76 65 6c 5f 62 74 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73
                                                                                                                                                                            Data Ascii: </div></div><div class="profile_header_badgeinfo"><div class="profile_header_badgeinfo_badge_area"><a data-panel="{&quot;focusable&quot;:true,&quot;clickOnActivate&quot;:true}" class="persona_level_btn" href="https
                                                                                                                                                                            2025-01-10 15:24:47 UTC981INData Raw: 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 74 65 61 6d 63 6f 6d 6d 75 6e 69 74 79 2e 63 6f 6d 2f 6c 69 6e 6b 66 69 6c 74 65 72 2f 3f 75 3d 68 74 74 70 25 33 41 25 32 46 25 32 46 77 77 77 2e 67 65 6f 6e 61 6d 65 73 2e 6f 72 67 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 20 72 65 6c 3d 22 20 6e 6f 6f 70 65 6e 65 72 22 3e 67 65 6f 6e 61 6d 65 73 2e 6f 72 67 3c 2f 61 3e 2e 09 09 09 09 09 3c 62 72 3e 0a 09 09 09 09 09 09 09 09 09 09 09 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 76 61 6c 76 65 5f 6c 69 6e 6b 73 22 3e 0a 09 09 09 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 73 74 6f 72 65 2e 73 74 65 61 6d 70 6f 77 65 72 65 64 2e 63 6f 6d 2f 70 72 69 76 61 63 79 5f 61 67 72 65 65 6d 65 6e 74 2f 22 20 74 61 72 67 65 74 3d 22 5f
                                                                                                                                                                            Data Ascii: y <a href="https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org" target="_blank" rel=" noopener">geonames.org</a>.<br><span class="valve_links"><a href="http://store.steampowered.com/privacy_agreement/" target="_


                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                            2192.168.2.449739149.154.167.994437520C:\Users\user\Desktop\4hQFnbWlj8.exe
                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                            2025-01-10 15:25:20 UTC143OUTGET /gv4dlp HTTP/1.1
                                                                                                                                                                            Host: t.me
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Cookie: stel_ssid=c5ae06305a26fe3b1d_2771885071072910065
                                                                                                                                                                            2025-01-10 15:25:20 UTC368INHTTP/1.1 200 OK
                                                                                                                                                                            Server: nginx/1.18.0
                                                                                                                                                                            Date: Fri, 10 Jan 2025 15:25:20 GMT
                                                                                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                                                                                            Content-Length: 9539
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Cache-control: no-store
                                                                                                                                                                            X-Frame-Options: ALLOW-FROM https://web.telegram.org
                                                                                                                                                                            Content-Security-Policy: frame-ancestors https://web.telegram.org
                                                                                                                                                                            Strict-Transport-Security: max-age=35768000
                                                                                                                                                                            2025-01-10 15:25:20 UTC9539INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 54 65 6c 65 67 72 61 6d 3a 20 43 6f 6e 74 61 63 74 20 40 67 76 34 64 6c 70 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 73 63 72 69 70 74 3e 74 72 79 7b 69 66 28 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 21 3d 6e 75 6c 6c 26 26 77 69 6e 64 6f 77 21 3d 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 29 7b 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74
                                                                                                                                                                            Data Ascii: <!DOCTYPE html><html> <head> <meta charset="utf-8"> <title>Telegram: Contact @gv4dlp</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <script>try{if(window.parent!=null&&window!=window.parent){window.parent


                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                            3192.168.2.449740104.102.49.2544437520C:\Users\user\Desktop\4hQFnbWlj8.exe
                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                            2025-01-10 15:25:21 UTC215OUTGET /profiles/76561199803837316 HTTP/1.1
                                                                                                                                                                            Host: steamcommunity.com
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Cookie: sessionid=da5101e589816dbc6a430faa; steamCountry=US%7C185ce35c568ebbb18a145d0cabae7186
                                                                                                                                                                            2025-01-10 15:25:22 UTC1733INHTTP/1.1 200 OK
                                                                                                                                                                            Server: nginx
                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                            Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https:// [TRUNCATED]
                                                                                                                                                                            Expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Date: Fri, 10 Jan 2025 15:25:21 GMT
                                                                                                                                                                            Content-Length: 35600
                                                                                                                                                                            Connection: close
                                                                                                                                                                            2025-01-10 15:25:22 UTC14651INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0a 09 09 3c 74 69 74 6c 65 3e
                                                                                                                                                                            Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><title>
                                                                                                                                                                            2025-01-10 15:25:22 UTC16384INData Raw: 65 74 2f 22 3e 0a 09 09 09 09 09 09 4d 61 72 6b 65 74 09 09 09 09 09 09 09 09 09 09 09 3c 2f 61 3e 0a 09 09 09 09 09 09 09 09 09 09 09 09 09 09 3c 61 20 63 6c 61 73 73 3d 22 73 75 62 6d 65 6e 75 69 74 65 6d 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 74 65 61 6d 63 6f 6d 6d 75 6e 69 74 79 2e 63 6f 6d 2f 3f 73 75 62 73 65 63 74 69 6f 6e 3d 62 72 6f 61 64 63 61 73 74 73 22 3e 0a 09 09 09 09 09 09 42 72 6f 61 64 63 61 73 74 73 09 09 09 09 09 09 09 09 09 09 09 3c 2f 61 3e 0a 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 09 09 09 09 09 09 09 3c 61 20 63 6c 61 73 73 3d 22 6d 65 6e 75 69 74 65 6d 20 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 74 6f 72 65 2e 73 74 65 61 6d 70 6f 77 65 72 65 64 2e 63 6f 6d 2f 61 62 6f 75 74 2f 22 3e 0a 09 09 09
                                                                                                                                                                            Data Ascii: et/">Market</a><a class="submenuitem" href="https://steamcommunity.com/?subsection=broadcasts">Broadcasts</a></div><a class="menuitem " href="https://store.steampowered.com/about/">
                                                                                                                                                                            2025-01-10 15:25:22 UTC3584INData Raw: 71 75 6f 74 3b 63 6c 69 63 6b 4f 6e 41 63 74 69 76 61 74 65 26 71 75 6f 74 3b 3a 74 72 75 65 7d 22 20 63 6c 61 73 73 3d 22 70 65 72 73 6f 6e 61 5f 6c 65 76 65 6c 5f 62 74 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 74 65 61 6d 63 6f 6d 6d 75 6e 69 74 79 2e 63 6f 6d 2f 70 72 6f 66 69 6c 65 73 2f 37 36 35 36 31 31 39 39 38 30 33 38 33 37 33 31 36 2f 62 61 64 67 65 73 22 3e 0a 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 65 72 73 6f 6e 61 5f 6e 61 6d 65 20 70 65 72 73 6f 6e 61 5f 6c 65 76 65 6c 22 3e 4c 65 76 65 6c 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 66 72 69 65 6e 64 50 6c 61 79 65 72 4c 65 76 65 6c 20 6c 76 6c 5f 30 22 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 66 72 69 65 6e 64 50 6c 61 79 65 72 4c 65
                                                                                                                                                                            Data Ascii: quot;clickOnActivate&quot;:true}" class="persona_level_btn" href="https://steamcommunity.com/profiles/76561199803837316/badges"><div class="persona_name persona_level">Level <div class="friendPlayerLevel lvl_0"><span class="friendPlayerLe
                                                                                                                                                                            2025-01-10 15:25:22 UTC981INData Raw: 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 74 65 61 6d 63 6f 6d 6d 75 6e 69 74 79 2e 63 6f 6d 2f 6c 69 6e 6b 66 69 6c 74 65 72 2f 3f 75 3d 68 74 74 70 25 33 41 25 32 46 25 32 46 77 77 77 2e 67 65 6f 6e 61 6d 65 73 2e 6f 72 67 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 20 72 65 6c 3d 22 20 6e 6f 6f 70 65 6e 65 72 22 3e 67 65 6f 6e 61 6d 65 73 2e 6f 72 67 3c 2f 61 3e 2e 09 09 09 09 09 3c 62 72 3e 0a 09 09 09 09 09 09 09 09 09 09 09 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 76 61 6c 76 65 5f 6c 69 6e 6b 73 22 3e 0a 09 09 09 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 73 74 6f 72 65 2e 73 74 65 61 6d 70 6f 77 65 72 65 64 2e 63 6f 6d 2f 70 72 69 76 61 63 79 5f 61 67 72 65 65 6d 65 6e 74 2f 22 20 74 61 72 67 65 74 3d 22 5f
                                                                                                                                                                            Data Ascii: y <a href="https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org" target="_blank" rel=" noopener">geonames.org</a>.<br><span class="valve_links"><a href="http://store.steampowered.com/privacy_agreement/" target="_


                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                            4192.168.2.449831149.154.167.994437520C:\Users\user\Desktop\4hQFnbWlj8.exe
                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                            2025-01-10 15:25:54 UTC143OUTGET /gv4dlp HTTP/1.1
                                                                                                                                                                            Host: t.me
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Cookie: stel_ssid=c5ae06305a26fe3b1d_2771885071072910065
                                                                                                                                                                            2025-01-10 15:25:55 UTC368INHTTP/1.1 200 OK
                                                                                                                                                                            Server: nginx/1.18.0
                                                                                                                                                                            Date: Fri, 10 Jan 2025 15:25:55 GMT
                                                                                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                                                                                            Content-Length: 9538
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Cache-control: no-store
                                                                                                                                                                            X-Frame-Options: ALLOW-FROM https://web.telegram.org
                                                                                                                                                                            Content-Security-Policy: frame-ancestors https://web.telegram.org
                                                                                                                                                                            Strict-Transport-Security: max-age=35768000
                                                                                                                                                                            2025-01-10 15:25:55 UTC9538INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 54 65 6c 65 67 72 61 6d 3a 20 43 6f 6e 74 61 63 74 20 40 67 76 34 64 6c 70 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 73 63 72 69 70 74 3e 74 72 79 7b 69 66 28 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 21 3d 6e 75 6c 6c 26 26 77 69 6e 64 6f 77 21 3d 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 29 7b 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74
                                                                                                                                                                            Data Ascii: <!DOCTYPE html><html> <head> <meta charset="utf-8"> <title>Telegram: Contact @gv4dlp</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <script>try{if(window.parent!=null&&window!=window.parent){window.parent


                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                            5192.168.2.449837104.102.49.2544437520C:\Users\user\Desktop\4hQFnbWlj8.exe
                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                            2025-01-10 15:25:55 UTC215OUTGET /profiles/76561199803837316 HTTP/1.1
                                                                                                                                                                            Host: steamcommunity.com
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Cookie: sessionid=da5101e589816dbc6a430faa; steamCountry=US%7C185ce35c568ebbb18a145d0cabae7186
                                                                                                                                                                            2025-01-10 15:25:56 UTC1733INHTTP/1.1 200 OK
                                                                                                                                                                            Server: nginx
                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                            Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https:// [TRUNCATED]
                                                                                                                                                                            Expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Date: Fri, 10 Jan 2025 15:25:56 GMT
                                                                                                                                                                            Content-Length: 35600
                                                                                                                                                                            Connection: close
                                                                                                                                                                            2025-01-10 15:25:56 UTC14651INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0a 09 09 3c 74 69 74 6c 65 3e
                                                                                                                                                                            Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><title>
                                                                                                                                                                            2025-01-10 15:25:56 UTC16384INData Raw: 65 74 2f 22 3e 0a 09 09 09 09 09 09 4d 61 72 6b 65 74 09 09 09 09 09 09 09 09 09 09 09 3c 2f 61 3e 0a 09 09 09 09 09 09 09 09 09 09 09 09 09 09 3c 61 20 63 6c 61 73 73 3d 22 73 75 62 6d 65 6e 75 69 74 65 6d 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 74 65 61 6d 63 6f 6d 6d 75 6e 69 74 79 2e 63 6f 6d 2f 3f 73 75 62 73 65 63 74 69 6f 6e 3d 62 72 6f 61 64 63 61 73 74 73 22 3e 0a 09 09 09 09 09 09 42 72 6f 61 64 63 61 73 74 73 09 09 09 09 09 09 09 09 09 09 09 3c 2f 61 3e 0a 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 09 09 09 09 09 09 09 3c 61 20 63 6c 61 73 73 3d 22 6d 65 6e 75 69 74 65 6d 20 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 74 6f 72 65 2e 73 74 65 61 6d 70 6f 77 65 72 65 64 2e 63 6f 6d 2f 61 62 6f 75 74 2f 22 3e 0a 09 09 09
                                                                                                                                                                            Data Ascii: et/">Market</a><a class="submenuitem" href="https://steamcommunity.com/?subsection=broadcasts">Broadcasts</a></div><a class="menuitem " href="https://store.steampowered.com/about/">
                                                                                                                                                                            2025-01-10 15:25:56 UTC3584INData Raw: 71 75 6f 74 3b 63 6c 69 63 6b 4f 6e 41 63 74 69 76 61 74 65 26 71 75 6f 74 3b 3a 74 72 75 65 7d 22 20 63 6c 61 73 73 3d 22 70 65 72 73 6f 6e 61 5f 6c 65 76 65 6c 5f 62 74 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 74 65 61 6d 63 6f 6d 6d 75 6e 69 74 79 2e 63 6f 6d 2f 70 72 6f 66 69 6c 65 73 2f 37 36 35 36 31 31 39 39 38 30 33 38 33 37 33 31 36 2f 62 61 64 67 65 73 22 3e 0a 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 65 72 73 6f 6e 61 5f 6e 61 6d 65 20 70 65 72 73 6f 6e 61 5f 6c 65 76 65 6c 22 3e 4c 65 76 65 6c 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 66 72 69 65 6e 64 50 6c 61 79 65 72 4c 65 76 65 6c 20 6c 76 6c 5f 30 22 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 66 72 69 65 6e 64 50 6c 61 79 65 72 4c 65
                                                                                                                                                                            Data Ascii: quot;clickOnActivate&quot;:true}" class="persona_level_btn" href="https://steamcommunity.com/profiles/76561199803837316/badges"><div class="persona_name persona_level">Level <div class="friendPlayerLevel lvl_0"><span class="friendPlayerLe
                                                                                                                                                                            2025-01-10 15:25:56 UTC981INData Raw: 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 74 65 61 6d 63 6f 6d 6d 75 6e 69 74 79 2e 63 6f 6d 2f 6c 69 6e 6b 66 69 6c 74 65 72 2f 3f 75 3d 68 74 74 70 25 33 41 25 32 46 25 32 46 77 77 77 2e 67 65 6f 6e 61 6d 65 73 2e 6f 72 67 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 20 72 65 6c 3d 22 20 6e 6f 6f 70 65 6e 65 72 22 3e 67 65 6f 6e 61 6d 65 73 2e 6f 72 67 3c 2f 61 3e 2e 09 09 09 09 09 3c 62 72 3e 0a 09 09 09 09 09 09 09 09 09 09 09 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 76 61 6c 76 65 5f 6c 69 6e 6b 73 22 3e 0a 09 09 09 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 73 74 6f 72 65 2e 73 74 65 61 6d 70 6f 77 65 72 65 64 2e 63 6f 6d 2f 70 72 69 76 61 63 79 5f 61 67 72 65 65 6d 65 6e 74 2f 22 20 74 61 72 67 65 74 3d 22 5f
                                                                                                                                                                            Data Ascii: y <a href="https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org" target="_blank" rel=" noopener">geonames.org</a>.<br><span class="valve_links"><a href="http://store.steampowered.com/privacy_agreement/" target="_


                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                            6192.168.2.450012149.154.167.994437520C:\Users\user\Desktop\4hQFnbWlj8.exe
                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                            2025-01-10 15:26:29 UTC143OUTGET /gv4dlp HTTP/1.1
                                                                                                                                                                            Host: t.me
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Cookie: stel_ssid=c5ae06305a26fe3b1d_2771885071072910065
                                                                                                                                                                            2025-01-10 15:26:29 UTC368INHTTP/1.1 200 OK
                                                                                                                                                                            Server: nginx/1.18.0
                                                                                                                                                                            Date: Fri, 10 Jan 2025 15:26:29 GMT
                                                                                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                                                                                            Content-Length: 9539
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Cache-control: no-store
                                                                                                                                                                            X-Frame-Options: ALLOW-FROM https://web.telegram.org
                                                                                                                                                                            Content-Security-Policy: frame-ancestors https://web.telegram.org
                                                                                                                                                                            Strict-Transport-Security: max-age=35768000
                                                                                                                                                                            2025-01-10 15:26:29 UTC9539INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 54 65 6c 65 67 72 61 6d 3a 20 43 6f 6e 74 61 63 74 20 40 67 76 34 64 6c 70 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 73 63 72 69 70 74 3e 74 72 79 7b 69 66 28 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 21 3d 6e 75 6c 6c 26 26 77 69 6e 64 6f 77 21 3d 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 29 7b 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74
                                                                                                                                                                            Data Ascii: <!DOCTYPE html><html> <head> <meta charset="utf-8"> <title>Telegram: Contact @gv4dlp</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <script>try{if(window.parent!=null&&window!=window.parent){window.parent


                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                            7192.168.2.450013149.154.167.994437520C:\Users\user\Desktop\4hQFnbWlj8.exe
                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                            2025-01-10 15:26:30 UTC143OUTGET /gv4dlp HTTP/1.1
                                                                                                                                                                            Host: t.me
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Cookie: stel_ssid=c5ae06305a26fe3b1d_2771885071072910065
                                                                                                                                                                            2025-01-10 15:26:30 UTC368INHTTP/1.1 200 OK
                                                                                                                                                                            Server: nginx/1.18.0
                                                                                                                                                                            Date: Fri, 10 Jan 2025 15:26:30 GMT
                                                                                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                                                                                            Content-Length: 9539
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Cache-control: no-store
                                                                                                                                                                            X-Frame-Options: ALLOW-FROM https://web.telegram.org
                                                                                                                                                                            Content-Security-Policy: frame-ancestors https://web.telegram.org
                                                                                                                                                                            Strict-Transport-Security: max-age=35768000
                                                                                                                                                                            2025-01-10 15:26:30 UTC9539INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 54 65 6c 65 67 72 61 6d 3a 20 43 6f 6e 74 61 63 74 20 40 67 76 34 64 6c 70 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 73 63 72 69 70 74 3e 74 72 79 7b 69 66 28 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 21 3d 6e 75 6c 6c 26 26 77 69 6e 64 6f 77 21 3d 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 29 7b 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74
                                                                                                                                                                            Data Ascii: <!DOCTYPE html><html> <head> <meta charset="utf-8"> <title>Telegram: Contact @gv4dlp</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <script>try{if(window.parent!=null&&window!=window.parent){window.parent


                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                            8192.168.2.450014104.102.49.2544437520C:\Users\user\Desktop\4hQFnbWlj8.exe
                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                            2025-01-10 15:26:31 UTC215OUTGET /profiles/76561199803837316 HTTP/1.1
                                                                                                                                                                            Host: steamcommunity.com
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Cookie: sessionid=da5101e589816dbc6a430faa; steamCountry=US%7C185ce35c568ebbb18a145d0cabae7186
                                                                                                                                                                            2025-01-10 15:26:31 UTC1733INHTTP/1.1 200 OK
                                                                                                                                                                            Server: nginx
                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                            Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https:// [TRUNCATED]
                                                                                                                                                                            Expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Date: Fri, 10 Jan 2025 15:26:31 GMT
                                                                                                                                                                            Content-Length: 35600
                                                                                                                                                                            Connection: close
                                                                                                                                                                            2025-01-10 15:26:31 UTC14651INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0a 09 09 3c 74 69 74 6c 65 3e
                                                                                                                                                                            Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><title>
                                                                                                                                                                            2025-01-10 15:26:31 UTC16384INData Raw: 65 74 2f 22 3e 0a 09 09 09 09 09 09 4d 61 72 6b 65 74 09 09 09 09 09 09 09 09 09 09 09 3c 2f 61 3e 0a 09 09 09 09 09 09 09 09 09 09 09 09 09 09 3c 61 20 63 6c 61 73 73 3d 22 73 75 62 6d 65 6e 75 69 74 65 6d 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 74 65 61 6d 63 6f 6d 6d 75 6e 69 74 79 2e 63 6f 6d 2f 3f 73 75 62 73 65 63 74 69 6f 6e 3d 62 72 6f 61 64 63 61 73 74 73 22 3e 0a 09 09 09 09 09 09 42 72 6f 61 64 63 61 73 74 73 09 09 09 09 09 09 09 09 09 09 09 3c 2f 61 3e 0a 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 09 09 09 09 09 09 09 3c 61 20 63 6c 61 73 73 3d 22 6d 65 6e 75 69 74 65 6d 20 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 74 6f 72 65 2e 73 74 65 61 6d 70 6f 77 65 72 65 64 2e 63 6f 6d 2f 61 62 6f 75 74 2f 22 3e 0a 09 09 09
                                                                                                                                                                            Data Ascii: et/">Market</a><a class="submenuitem" href="https://steamcommunity.com/?subsection=broadcasts">Broadcasts</a></div><a class="menuitem " href="https://store.steampowered.com/about/">
                                                                                                                                                                            2025-01-10 15:26:31 UTC3584INData Raw: 71 75 6f 74 3b 63 6c 69 63 6b 4f 6e 41 63 74 69 76 61 74 65 26 71 75 6f 74 3b 3a 74 72 75 65 7d 22 20 63 6c 61 73 73 3d 22 70 65 72 73 6f 6e 61 5f 6c 65 76 65 6c 5f 62 74 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 74 65 61 6d 63 6f 6d 6d 75 6e 69 74 79 2e 63 6f 6d 2f 70 72 6f 66 69 6c 65 73 2f 37 36 35 36 31 31 39 39 38 30 33 38 33 37 33 31 36 2f 62 61 64 67 65 73 22 3e 0a 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 65 72 73 6f 6e 61 5f 6e 61 6d 65 20 70 65 72 73 6f 6e 61 5f 6c 65 76 65 6c 22 3e 4c 65 76 65 6c 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 66 72 69 65 6e 64 50 6c 61 79 65 72 4c 65 76 65 6c 20 6c 76 6c 5f 30 22 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 66 72 69 65 6e 64 50 6c 61 79 65 72 4c 65
                                                                                                                                                                            Data Ascii: quot;clickOnActivate&quot;:true}" class="persona_level_btn" href="https://steamcommunity.com/profiles/76561199803837316/badges"><div class="persona_name persona_level">Level <div class="friendPlayerLevel lvl_0"><span class="friendPlayerLe
                                                                                                                                                                            2025-01-10 15:26:31 UTC981INData Raw: 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 74 65 61 6d 63 6f 6d 6d 75 6e 69 74 79 2e 63 6f 6d 2f 6c 69 6e 6b 66 69 6c 74 65 72 2f 3f 75 3d 68 74 74 70 25 33 41 25 32 46 25 32 46 77 77 77 2e 67 65 6f 6e 61 6d 65 73 2e 6f 72 67 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 20 72 65 6c 3d 22 20 6e 6f 6f 70 65 6e 65 72 22 3e 67 65 6f 6e 61 6d 65 73 2e 6f 72 67 3c 2f 61 3e 2e 09 09 09 09 09 3c 62 72 3e 0a 09 09 09 09 09 09 09 09 09 09 09 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 76 61 6c 76 65 5f 6c 69 6e 6b 73 22 3e 0a 09 09 09 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 73 74 6f 72 65 2e 73 74 65 61 6d 70 6f 77 65 72 65 64 2e 63 6f 6d 2f 70 72 69 76 61 63 79 5f 61 67 72 65 65 6d 65 6e 74 2f 22 20 74 61 72 67 65 74 3d 22 5f
                                                                                                                                                                            Data Ascii: y <a href="https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org" target="_blank" rel=" noopener">geonames.org</a>.<br><span class="valve_links"><a href="http://store.steampowered.com/privacy_agreement/" target="_


                                                                                                                                                                            Statistics

                                                                                                                                                                            CPU Usage

                                                                                                                                                                            Click to jump to process

                                                                                                                                                                            Memory Usage

                                                                                                                                                                            Click to jump to process

                                                                                                                                                                            High Level Behavior Distribution

                                                                                                                                                                            Click to dive into process behavior distribution

                                                                                                                                                                            Behavior

                                                                                                                                                                            Click to jump to process

                                                                                                                                                                            System Behavior

                                                                                                                                                                            General

                                                                                                                                                                            Target ID:0
                                                                                                                                                                            Start time:10:24:43
                                                                                                                                                                            Start date:10/01/2025
                                                                                                                                                                            Path:C:\Users\user\Desktop\4hQFnbWlj8.exe
                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                            Commandline:"C:\Users\user\Desktop\4hQFnbWlj8.exe"
                                                                                                                                                                            Imagebase:0x830000
                                                                                                                                                                            File size:1'122'304 bytes
                                                                                                                                                                            MD5 hash:4CE2CE1838B14B0DDA1477B7D5C57E9E
                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Reputation:low
                                                                                                                                                                            Has exited:true

                                                                                                                                                                            General

                                                                                                                                                                            Target ID:1
                                                                                                                                                                            Start time:10:24:43
                                                                                                                                                                            Start date:10/01/2025
                                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                            Imagebase:0x7ff7699e0000
                                                                                                                                                                            File size:862'208 bytes
                                                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Reputation:high
                                                                                                                                                                            Has exited:true

                                                                                                                                                                            General

                                                                                                                                                                            Target ID:2
                                                                                                                                                                            Start time:10:24:44
                                                                                                                                                                            Start date:10/01/2025
                                                                                                                                                                            Path:C:\Users\user\Desktop\4hQFnbWlj8.exe
                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                            Commandline:"C:\Users\user\Desktop\4hQFnbWlj8.exe"
                                                                                                                                                                            Imagebase:0x830000
                                                                                                                                                                            File size:1'122'304 bytes
                                                                                                                                                                            MD5 hash:4CE2CE1838B14B0DDA1477B7D5C57E9E
                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Reputation:low
                                                                                                                                                                            Has exited:false

                                                                                                                                                                            Disassembly

                                                                                                                                                                            Reset < >

                                                                                                                                                                              Execution Graph

                                                                                                                                                                              Execution Coverage:2.7%
                                                                                                                                                                              Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                              Signature Coverage:24.8%
                                                                                                                                                                              Total number of Nodes:202
                                                                                                                                                                              Total number of Limit Nodes:13
                                                                                                                                                                              execution_graph 31333 8c508c 49 API calls 31335 8b8c89 DeleteCriticalSection 31339 8b8c9f TryEnterCriticalSection 31343 8b7c90 32 API calls 31428 8c0191 34 API calls 2 library calls 31344 8b8c94 EnterCriticalSection 31226 8d61a9 31231 8d61df 31226->31231 31227 8d632c GetPEB 31228 8d633e CreateProcessW VirtualAlloc Wow64GetThreadContext ReadProcessMemory VirtualAllocEx 31227->31228 31229 8d63e5 WriteProcessMemory 31228->31229 31228->31231 31230 8d642a 31229->31230 31232 8d646c WriteProcessMemory Wow64SetThreadContext ResumeThread 31230->31232 31233 8d642f WriteProcessMemory 31230->31233 31231->31227 31231->31228 31233->31230 31429 847ba0 19 API calls __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 31433 8b9ba5 60 API calls __RTC_Initialize 31434 8b9da5 21 API calls CallUnexpected 31435 845db0 30 API calls 2 library calls 31354 8764b0 68 API calls __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 31240 8b7cb2 31243 8b7cb7 31240->31243 31242 8b7cd1 31243->31242 31249 8b7cd3 31243->31249 31256 8be3f4 31243->31256 31263 8bd311 EnterCriticalSection LeaveCriticalSection _unexpected 31243->31263 31245 8b8f42 31265 8459e0 5 API calls __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 31245->31265 31247 8b8f51 31266 8b9f57 RaiseException 31247->31266 31249->31245 31264 8b9f57 RaiseException 31249->31264 31250 8b8f5f IsProcessorFeaturePresent 31253 8b8f75 31250->31253 31267 8b905a SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 31253->31267 31255 8b9058 31261 8c160d _unexpected 31256->31261 31257 8c164b 31269 8c1415 14 API calls __strnicoll 31257->31269 31259 8c1636 RtlAllocateHeap 31260 8c1649 31259->31260 31259->31261 31260->31243 31261->31257 31261->31259 31268 8bd311 EnterCriticalSection LeaveCriticalSection _unexpected 31261->31268 31263->31243 31264->31245 31265->31247 31266->31250 31267->31255 31268->31261 31269->31260 31357 8bf6cb FreeLibrary 31359 8b8cc1 LeaveCriticalSection 31444 8b83c1 14 API calls 2 library calls 31445 8c9fc7 IsProcessorFeaturePresent 31446 8c89d8 43 API calls __strnicoll 31276 8b82d0 31297 8b8235 GetModuleHandleExW 31276->31297 31279 8b830f __Mtx_unlock 31281 8b8235 Concurrency::details::_Reschedule_chore GetModuleHandleExW 31279->31281 31283 8b8323 31281->31283 31282 8b8309 31310 855950 57 API calls __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 31282->31310 31285 8b8344 31283->31285 31311 8b8218 GetModuleHandleExW 31283->31311 31299 884da0 31285->31299 31287 8b8334 31287->31285 31288 8b833a FreeLibraryWhenCallbackReturns 31287->31288 31288->31285 31290 8b8235 Concurrency::details::_Reschedule_chore GetModuleHandleExW 31291 8b835a 31290->31291 31295 8b836b __Mtx_unlock __Cnd_broadcast 31291->31295 31312 8b8c01 13 API calls 31291->31312 31293 8b8365 31313 855950 57 API calls __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 31293->31313 31298 8b824b 31297->31298 31298->31279 31309 8b8c01 13 API calls 31298->31309 31307 884dfc 31299->31307 31300 884f84 31301 8b7d26 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 31300->31301 31302 884f90 31301->31302 31302->31290 31303 885200 IsProcessorFeaturePresent SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 31303->31307 31304 8853a0 IsProcessorFeaturePresent SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 31304->31307 31305 8855d0 6 API calls 31305->31307 31306 8859f0 IsProcessorFeaturePresent SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 31306->31307 31307->31300 31307->31303 31307->31304 31307->31305 31307->31306 31314 895870 31307->31314 31309->31282 31310->31279 31311->31287 31312->31293 31313->31295 31321 8958cc 31314->31321 31315 8959f7 31316 8b7d26 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 31315->31316 31317 895a03 31316->31317 31317->31307 31318 895db0 IsProcessorFeaturePresent SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 31318->31321 31319 895f60 IsProcessorFeaturePresent SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 31319->31321 31320 8960e0 IsProcessorFeaturePresent SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 31320->31321 31321->31315 31321->31318 31321->31319 31321->31320 31323 8a3340 31321->31323 31324 8a3397 31323->31324 31325 8a53f0 IsProcessorFeaturePresent SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 31324->31325 31326 8a5550 73 API calls 31324->31326 31327 8a4ca0 65 API calls 31324->31327 31328 86f780 IsProcessorFeaturePresent SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 31324->31328 31329 8a382f 31324->31329 31332 8a5260 IsProcessorFeaturePresent SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 31324->31332 31325->31324 31326->31324 31327->31324 31328->31324 31330 8b7d26 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 31329->31330 31331 8a383b 31330->31331 31331->31321 31332->31324 31366 8be0ef 7 API calls 31367 8b8cee RtlTryAcquireSRWLockExclusive 31450 8b9dec GetSystemTimeAsFileTime GetCurrentThreadId GetCurrentProcessId QueryPerformanceCounter ___security_init_cookie 31369 8b8ce3 AcquireSRWLockExclusive 31451 8b91fb 49 API calls _unexpected 31234 8525f0 31235 85264c 31234->31235 31236 85275c 31235->31236 31239 8527a0 IsProcessorFeaturePresent SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 31235->31239 31237 8b7d26 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 31236->31237 31238 852771 31237->31238 31239->31235 31455 8c01f1 15 API calls 31376 8bb6f4 66 API calls 31377 831000 5 API calls __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 31378 83c200 45 API calls __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 31457 85a500 65 API calls __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 31379 8b8a03 41 API calls _unexpected 31459 8c911f 20 API calls 31461 8c3319 11 API calls __strnicoll 31383 8b8413 41 API calls __EH_prolog3 31465 8b8d10 ReleaseSRWLockExclusive 31386 8c3612 49 API calls 3 library calls 31388 859e20 46 API calls __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 31270 8ab520 31271 8ab57c 31270->31271 31272 8ab6b0 65 API calls 31271->31272 31273 8ab663 31271->31273 31272->31271 31274 8b7d26 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 31273->31274 31275 8ab676 31274->31275 31467 8baf27 7 API calls ___scrt_uninitialize_crt 31468 8bb126 73 API calls 2 library calls 31212 83a330 31217 83a38c 31212->31217 31213 83a4e4 31218 8b7d26 31213->31218 31215 83a4f4 31216 83c5a0 72 API calls 31216->31217 31217->31213 31217->31216 31219 8b7d2f IsProcessorFeaturePresent 31218->31219 31220 8b7d2e 31218->31220 31222 8b8f75 31219->31222 31220->31215 31225 8b905a SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 31222->31225 31224 8b9058 31224->31215 31225->31224 31392 853430 29 API calls 2 library calls 31472 8b7d34 44 API calls 31393 8b7c48 33 API calls 31395 84ca40 8 API calls __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 31474 8bfb4d GetProcessHeap 31475 8b974d 41 API calls 31402 8b8a47 WakeConditionVariable 31403 8b9c58 30 API calls 31404 8bb05e 15 API calls 2 library calls 31405 8b7c5e 34 API calls 31407 8ba45c 52 API calls 2 library calls 31410 8b8a52 WakeAllConditionVariable 31483 8aa950 32 API calls __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 31149 8b9c6a 31150 8b9c76 ___scrt_is_nonwritable_in_current_image 31149->31150 31174 8b803e 31150->31174 31152 8b9c7d 31153 8b9dd6 31152->31153 31163 8b9ca7 ___scrt_is_nonwritable_in_current_image ___scrt_release_startup_lock CallUnexpected 31152->31163 31193 8b90e0 4 API calls 2 library calls 31153->31193 31155 8b9ddd 31194 8bcfdf 21 API calls CallUnexpected 31155->31194 31157 8b9de3 31195 8bcff5 21 API calls CallUnexpected 31157->31195 31159 8b9deb 31160 8b9cc6 31161 8b9d47 31185 8bdb56 31161->31185 31163->31160 31163->31161 31189 8bd029 39 API calls 3 library calls 31163->31189 31165 8b9d4d 31166 8b9d64 31165->31166 31190 8b908a GetModuleHandleW 31166->31190 31168 8b9d6e 31168->31155 31169 8b9d72 31168->31169 31170 8b9d7b 31169->31170 31191 8bd00b 21 API calls CallUnexpected 31169->31191 31192 8b8077 75 API calls ___scrt_uninitialize_crt 31170->31192 31173 8b9d84 31173->31160 31175 8b8047 31174->31175 31196 8b9251 IsProcessorFeaturePresent 31175->31196 31177 8b8053 31197 8ba5e8 10 API calls 2 library calls 31177->31197 31179 8b8058 31184 8b805c 31179->31184 31198 8baf97 31179->31198 31182 8b8073 31182->31152 31184->31152 31186 8bdb64 31185->31186 31187 8bdb5f 31185->31187 31186->31165 31211 8bdc7f 57 API calls 31187->31211 31189->31161 31190->31168 31191->31170 31192->31173 31193->31155 31194->31157 31195->31159 31196->31177 31197->31179 31202 8c0c9c 31198->31202 31201 8ba607 7 API calls 2 library calls 31201->31184 31203 8c0cac 31202->31203 31204 8b8065 31202->31204 31203->31204 31206 8c02d3 31203->31206 31204->31182 31204->31201 31210 8c02da 31206->31210 31207 8c031d GetStdHandle 31207->31210 31208 8c037f 31208->31203 31209 8c0330 GetFileType 31209->31210 31210->31207 31210->31208 31210->31209 31211->31186 31485 8bfb68 16 API calls __strnicoll 31486 83bf60 79 API calls __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 31488 851d60 39 API calls __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 31413 88a260 73 API calls __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 31414 8ba660 40 API calls 5 library calls 31416 8b8264 66 API calls __Mtx_unlock 31417 8b7c78 34 API calls 31418 84d470 7 API calls __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 31490 8bb17e GetCommandLineA GetCommandLineW 31420 8afc70 67 API calls __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 31421 8b8a74 40 API calls 2 library calls

                                                                                                                                                                              Executed Functions

                                                                                                                                                                              Function 008D61A9 Relevance: 42.3, APIs: 10, Strings: 14, Instructions: 295threadinjectionmemoryCOMMON
                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                              APIs
                                                                                                                                                                              • CreateProcessW.KERNELBASE(?,00000000,00000000,00000000,00000000,00000004,00000000,00000000,008D611B,008D610B), ref: 008D633F
                                                                                                                                                                              • VirtualAlloc.KERNELBASE(00000000,00000004,00001000,00000004), ref: 008D6352
                                                                                                                                                                              • Wow64GetThreadContext.KERNEL32(0000009C,00000000), ref: 008D6370
                                                                                                                                                                              • ReadProcessMemory.KERNELBASE(00000098,?,008D615F,00000004,00000000), ref: 008D6394
                                                                                                                                                                              • VirtualAllocEx.KERNELBASE(00000098,?,?,00003000,00000040), ref: 008D63BF
                                                                                                                                                                              • WriteProcessMemory.KERNELBASE(00000098,00000000,?,?,00000000,?), ref: 008D6417
                                                                                                                                                                              • WriteProcessMemory.KERNELBASE(00000098,00400000,?,?,00000000,?,00000028), ref: 008D6462
                                                                                                                                                                              • WriteProcessMemory.KERNELBASE(00000098,?,?,00000004,00000000), ref: 008D64A0
                                                                                                                                                                              • Wow64SetThreadContext.KERNEL32(0000009C,01180000), ref: 008D64DC
                                                                                                                                                                              • ResumeThread.KERNELBASE(0000009C), ref: 008D64EB
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Process$Memory$ThreadWrite$AllocContextVirtualWow64$CreateReadResume
                                                                                                                                                                              • String ID: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe$CreateProcessW$GetP$GetThreadContext$Load$ReadProcessMemory$ResumeThread$SetThreadContext$TerminateProcess$VirtualAlloc$VirtualAllocEx$WriteProcessMemory$aryA$ress
                                                                                                                                                                              • API String ID: 2687962208-3857624555
                                                                                                                                                                              • Opcode ID: 4d4c1a7e65f8d0d38951af6025ef960edc15c7aa7ffa2998c2434409f37e51df
                                                                                                                                                                              • Instruction ID: 08deb3dbfe69c72755c6821547cc0e769a0c26dac70aa2e52118a33d4743f9f7
                                                                                                                                                                              • Opcode Fuzzy Hash: 4d4c1a7e65f8d0d38951af6025ef960edc15c7aa7ffa2998c2434409f37e51df
                                                                                                                                                                              • Instruction Fuzzy Hash: 74B1F67264024AAFDB60CF68CC80BDA77A5FF88714F158125EA08EB341D770FA51CB94
                                                                                                                                                                              Function 008624E0 Relevance: 7.3, APIs: 2, Strings: 2, Instructions: 320COMMON
                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                              • Executed
                                                                                                                                                                              • Not Executed
                                                                                                                                                                              control_flow_graph 26 8624e0-862534 27 862537-862545 26->27 28 862673-8626dd call 8543a0 27->28 29 86254b-862558 27->29 35 86290b 28->35 32 862742-8627b5 call 8b8613 29->32 33 86255e-86256b 29->33 32->35 39 862571-86257e 33->39 40 8627ba-862802 33->40 35->27 42 8628d4-8628e0 call 8b8613 39->42 43 862584-862591 39->43 40->35 42->35 43->40 47 862597-8625a4 43->47 49 8626e2-8626f7 47->49 50 8625aa-8625b7 47->50 49->35 52 862626-86266e 50->52 53 8625bd-8625ca 50->53 52->35 55 862807-862820 call 854530 53->55 56 8625d0-8625dd 53->56 65 862826-862894 55->65 59 8625e3-8625f0 56->59 60 8626fc-86273d 56->60 63 8625f6-862603 59->63 64 8628b9-8628cf call 8543a0 59->64 60->35 69 862899-8628b8 call 8b7d26 63->69 70 862609-862616 63->70 64->35 65->35 73 8628e5-862904 call 854530 70->73 74 86261c-862621 70->74 73->35 74->35
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: ]"-R$]"-R
                                                                                                                                                                              • API String ID: 0-2731245574
                                                                                                                                                                              • Opcode ID: 3e0097b7ea2259ff667d88c49718b555948c78768b78127578f3ffaff53b9683
                                                                                                                                                                              • Instruction ID: e6be2077e8c62b0b6fdf0394d4b7f3fa2f7dac3e868c5f7486b9d4bda776da09
                                                                                                                                                                              • Opcode Fuzzy Hash: 3e0097b7ea2259ff667d88c49718b555948c78768b78127578f3ffaff53b9683
                                                                                                                                                                              • Instruction Fuzzy Hash: CDB12636E405098FCB04CF7CD5A47EE7BF2FB89324F264269D452EB391CA269C069B14
                                                                                                                                                                              Function 0087E340 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 298COMMONLIBRARYCODE
                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                              • Executed
                                                                                                                                                                              • Not Executed
                                                                                                                                                                              control_flow_graph 114 87e340-87e394 115 87e397-87e3a5 114->115 116 87e6e6-87e6fc call 87c4c0 115->116 117 87e3ab-87e3b8 115->117 124 87e738 116->124 120 87e701-87e70d call 8b8613 117->120 121 87e3be-87e3cb 117->121 120->124 126 87e5d4-87e63b 121->126 127 87e3d1-87e3de 121->127 124->115 126->124 130 87e535-87e57d 127->130 131 87e3e4-87e3f1 127->131 130->124 133 87e3f7-87e404 131->133 134 87e4ac-87e516 call 87c4c0 131->134 137 87e486-87e4a7 133->137 138 87e40a-87e417 133->138 134->124 137->124 141 87e640-87e65c call 87c680 call 8acb50 138->141 142 87e41d-87e42a 138->142 149 87e65f-87e6cd 141->149 146 87e430-87e43d 142->146 147 87e51b-87e530 142->147 150 87e443-87e450 146->150 151 87e712-87e731 call 87c680 146->151 147->124 149->124 154 87e456-87e463 150->154 155 87e582-87e5cf call 8b8613 150->155 151->124 159 87e6d2-87e6e5 call 8b7d26 154->159 160 87e469-87e476 154->160 155->124 160->126 165 87e47c-87e481 160->165 165->124
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: @^i
                                                                                                                                                                              • API String ID: 0-317961709
                                                                                                                                                                              • Opcode ID: 344029b3337aeaa14f79f598cd1bfb88e66f8b1175e431ddb2b96ffceb8a0633
                                                                                                                                                                              • Instruction ID: 9351e1575a581ba2e47db05fde819b973c2067011cf420f4b0eea6b4bc2d91fc
                                                                                                                                                                              • Opcode Fuzzy Hash: 344029b3337aeaa14f79f598cd1bfb88e66f8b1175e431ddb2b96ffceb8a0633
                                                                                                                                                                              • Instruction Fuzzy Hash: A2A1F036A15109CFCB08CE7CD5A46ED3BF2FB49314F24C16AD419EB3A8DA358D069B64
                                                                                                                                                                              Function 008A6CD0 Relevance: 3.3, APIs: 2, Instructions: 302COMMON
                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                              • Executed
                                                                                                                                                                              • Not Executed
                                                                                                                                                                              control_flow_graph 169 8a6cd0-8a6d1e 170 8a6d21-8a6d2f 169->170 171 8a7094-8a70a0 call 8b8613 170->171 172 8a6d35-8a6d42 170->172 179 8a70cb 171->179 175 8a6d48-8a6d55 172->175 176 8a6ecc-8a6ee1 172->176 180 8a6d5b-8a6d68 175->180 181 8a6f85-8a6fc6 175->181 176->179 179->170 183 8a7079-8a708f call 8a73c0 180->183 184 8a6d6e-8a6d7b 180->184 181->179 183->179 184->181 187 8a6d81-8a6d8e 184->187 190 8a6fcb-8a6fe4 call 8a7580 187->190 191 8a6d94-8a6da1 187->191 198 8a6fea-8a7056 190->198 195 8a6ee6-8a6f2e 191->195 196 8a6da7-8a6db4 191->196 195->179 199 8a6dba-8a6dc7 196->199 200 8a6e5d-8a6ec7 call 8a73c0 196->200 198->179 204 8a705b-8a7078 call 8b7d26 199->204 205 8a6dcd-8a6dda 199->205 200->179 208 8a6f33-8a6f80 call 8b8613 205->208 209 8a6de0-8a6ded 205->209 208->179 213 8a6df3-8a6e00 209->213 214 8a70a5-8a70c4 call 8a7580 209->214 219 8a6e10-8a6e58 213->219 220 8a6e06-8a6e0b 213->220 214->179 219->179 220->179
                                                                                                                                                                              APIs
                                                                                                                                                                              • Concurrency::cancel_current_task.LIBCPMT ref: 008A7094
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Concurrency::cancel_current_task
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 118556049-0
                                                                                                                                                                              • Opcode ID: 5c9b5c203169c54cdc41a5a0ade05757035d0bb2748529873c671c94ab3e6aa7
                                                                                                                                                                              • Instruction ID: 4abebd5a2625d049311925c2356c0924777c4637ff56aae069af4e95bc6cc5cd
                                                                                                                                                                              • Opcode Fuzzy Hash: 5c9b5c203169c54cdc41a5a0ade05757035d0bb2748529873c671c94ab3e6aa7
                                                                                                                                                                              • Instruction Fuzzy Hash: 60A13236B041098FDB04CE7CD9942EE7BF2FB8A324F28811AD542E7795CA364C06DB54
                                                                                                                                                                              Function 008A3340 Relevance: 1.7, Strings: 1, Instructions: 417COMMON
                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                              • Executed
                                                                                                                                                                              • Not Executed
                                                                                                                                                                              control_flow_graph 400 8a3340-8a3394 401 8a3397-8a33a5 400->401 402 8a33ab-8a33b8 401->402 403 8a3619-8a366b call 8a5260 401->403 407 8a33be-8a33cb 402->407 408 8a3670-8a3677 402->408 409 8a38cf 403->409 411 8a3843-8a3865 call 86f780 call 8a4ca0 407->411 412 8a33d1-8a33de 407->412 408->409 409->401 411->409 416 8a3880-8a38c3 call 86f780 call 8a53f0 call 8a5550 call 86f780 call 8b8198 412->416 417 8a33e4-8a33f1 412->417 416->409 422 8a358c-8a35a1 417->422 423 8a33f7-8a3404 417->423 422->409 428 8a340a-8a3417 423->428 429 8a38c8 423->429 433 8a341d-8a342a 428->433 434 8a36c2-8a36e0 call 86f780 call 8a53f0 call 8a5550 428->434 429->409 439 8a3430-8a343d 433->439 440 8a3757-8a37be 433->440 455 8a36e5-8a3746 call 86f780 call 8b8198 434->455 446 8a34f8-8a3587 call 86f780 call 8a4ca0 439->446 447 8a3443-8a3450 439->447 440->409 446->409 452 8a374b-8a3752 447->452 453 8a3456-8a3463 447->453 452->409 459 8a3469-8a3476 453->459 460 8a35a6-8a3614 453->460 455->409 465 8a367c-8a36bd 459->465 466 8a347c-8a3489 459->466 460->409 465->409 469 8a348f-8a349c 466->469 470 8a37c3-8a382a 466->470 472 8a382f-8a3842 call 8b7d26 469->472 473 8a34a2-8a34af 469->473 470->409 476 8a386a-8a387b call 8a5260 473->476 477 8a34b5-8a34c2 473->477 476->409 481 8a34c8-8a34cd 477->481 482 8a34d2-8a34f3 477->482 481->409 482->409
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: 9G3
                                                                                                                                                                              • API String ID: 0-878525
                                                                                                                                                                              • Opcode ID: 678c35dd70b2abaaf41af6590f60ad65e6a670a0e7e9b639c49c42fada9f112b
                                                                                                                                                                              • Instruction ID: ebad4451f76796fed1604ee1a4bea1614717eb8147c75dbff83a2460f1dadb9f
                                                                                                                                                                              • Opcode Fuzzy Hash: 678c35dd70b2abaaf41af6590f60ad65e6a670a0e7e9b639c49c42fada9f112b
                                                                                                                                                                              • Instruction Fuzzy Hash: DFD13A76B011148FEF04CE7CD4A57EE37E2F74A324F241629E501EB791DA3D990A9B44
                                                                                                                                                                              Function 008ADB80 Relevance: 1.4, Strings: 1, Instructions: 137COMMON
                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                              • Executed
                                                                                                                                                                              • Not Executed
                                                                                                                                                                              control_flow_graph 500 8adb80-8adbd9 501 8adbdc-8adbea 500->501 502 8adc80-8adc8a call 8add30 501->502 503 8adbf0-8adbfd 501->503 508 8adc8f-8adcf6 502->508 506 8adcfb-8add0e call 8b7d26 503->506 507 8adc03-8adc10 503->507 513 8add0f-8add1e call 8add30 507->513 514 8adc16-8adc23 507->514 511 8add25 508->511 511->501 513->511 518 8adc29-8adc2e 514->518 519 8adc33-8adc7b 514->519 518->511 519->511
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: T
                                                                                                                                                                              • API String ID: 0-1948115984
                                                                                                                                                                              • Opcode ID: 4f845b1d8fdf7676cc773641050e19efdc3bfe8ee94326316340b383803deb34
                                                                                                                                                                              • Instruction ID: 799a962e5b2fcfa29efbf37d935427872391b2bf4685cc871f1cad773dc01356
                                                                                                                                                                              • Opcode Fuzzy Hash: 4f845b1d8fdf7676cc773641050e19efdc3bfe8ee94326316340b383803deb34
                                                                                                                                                                              • Instruction Fuzzy Hash: 20411536A402158FEB04CE7CD4A57EF77B5F74A334F15061AD412DBB90CA2A98098B90
                                                                                                                                                                              Function 0083C5A0 Relevance: .2, Instructions: 217COMMON
                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                              • Executed
                                                                                                                                                                              • Not Executed
                                                                                                                                                                              control_flow_graph 521 83c5a0-83c60d 522 83c610-83c61e 521->522 523 83c7a7-83c80f call 83c820 call 8bb236 522->523 524 83c624-83c631 522->524 540 83c816 523->540 527 83c637-83c644 524->527 528 83c6b4-83c714 call 83c820 call 8bb236 524->528 534 83c64a-83c657 527->534 535 83c78c-83c7a6 call 8b7d26 527->535 541 83c719-83c787 528->541 543 83c667-83c6af 534->543 544 83c65d-83c662 534->544 540->522 541->540 543->540 544->540
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: d2e8b86e8c187f610a87150e464872c4656c0cbf0f5c00f48febaac38ecf9c8d
                                                                                                                                                                              • Instruction ID: 74e2bbb693f104da4f7a2cc900bbc555d2b75d52acfcc4eaf4deee106624112c
                                                                                                                                                                              • Opcode Fuzzy Hash: d2e8b86e8c187f610a87150e464872c4656c0cbf0f5c00f48febaac38ecf9c8d
                                                                                                                                                                              • Instruction Fuzzy Hash: C3814B75E002098FCB00CFADD5816DEBBF6FB99320F25825AD814AB351D736A905CF90
                                                                                                                                                                              Function 00884DA0 Relevance: .2, Instructions: 201COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 63c4f1ea93be0a2032d9e6f1f9d35384f368dc077681676df215a7388a06cacc
                                                                                                                                                                              • Instruction ID: ec1693ce0dd7192b65f5c40133dda5b45511b1f4e97472a69809921aa7f0c002
                                                                                                                                                                              • Opcode Fuzzy Hash: 63c4f1ea93be0a2032d9e6f1f9d35384f368dc077681676df215a7388a06cacc
                                                                                                                                                                              • Instruction Fuzzy Hash: 6761E671E006058FCB04EFBCD8956EEBBF5FB48320F254629D811D7391DA3698058B91
                                                                                                                                                                              Function 0083A330 Relevance: .2, Instructions: 183COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 62bdf3d9860b8b8a054ff5c9f592ced591ee336e85aa3890866a0e1d4562602b
                                                                                                                                                                              • Instruction ID: 89378d802edd9574708c3f50fdf09b25f8490749a2625ea8e937273976e85708
                                                                                                                                                                              • Opcode Fuzzy Hash: 62bdf3d9860b8b8a054ff5c9f592ced591ee336e85aa3890866a0e1d4562602b
                                                                                                                                                                              • Instruction Fuzzy Hash: 8F61BDB6E012189FCB04DFACD4817EEBBF1FB88320F15812AD855E7351D636A9058F92
                                                                                                                                                                              Function 00852ED0 Relevance: .2, Instructions: 165COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 04d900553e06a32ab455e83ee5f6aea47061369f8045d2964af4856ba7291f4d
                                                                                                                                                                              • Instruction ID: 62e3e36007fa148d228fee5f2279b35f94d3af25ac8a6d9d6b75f5de92bbe487
                                                                                                                                                                              • Opcode Fuzzy Hash: 04d900553e06a32ab455e83ee5f6aea47061369f8045d2964af4856ba7291f4d
                                                                                                                                                                              • Instruction Fuzzy Hash: BC512376A006098FCB00CF7CC4917EF7BF6FB8A335F254259D911A73A1CA3A59098B91
                                                                                                                                                                              Function 008ACB50 Relevance: .1, Instructions: 144COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 44ac83991d7ac3cff032a420543c6aacc68251c8ed5324ad1edcaf827b488254
                                                                                                                                                                              • Instruction ID: 4d6fe8296f57405cc848a5fe3393e68a40ca8e5d8cf394b0988fec13a248363c
                                                                                                                                                                              • Opcode Fuzzy Hash: 44ac83991d7ac3cff032a420543c6aacc68251c8ed5324ad1edcaf827b488254
                                                                                                                                                                              • Instruction Fuzzy Hash: 93414876E042184FEB049A7C98A53EF7BE1FB06330F150729C865EB7D1D62A99098B90
                                                                                                                                                                              Function 008AD9C0 Relevance: .1, Instructions: 143COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 72e2b6ded80862b6417e31ceea66820ee87052d1707a8264e0b16ab0e23ddeee
                                                                                                                                                                              • Instruction ID: 7ee5f02e60ab845c5cee2856be16871ed503fd3f9667198898c047b7ee4ccdb0
                                                                                                                                                                              • Opcode Fuzzy Hash: 72e2b6ded80862b6417e31ceea66820ee87052d1707a8264e0b16ab0e23ddeee
                                                                                                                                                                              • Instruction Fuzzy Hash: C3413972E043158FEB00CEBCD4953EF7BE1EB86330F154219C526CB791D63A99098B51
                                                                                                                                                                              Function 008AB850 Relevance: .1, Instructions: 141COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 6fdf7ee70ec50f34251a456c10d26566f5d81581ca0b3c1fa8d8469911d94ee1
                                                                                                                                                                              • Instruction ID: 11c5f7bec9430257deb5c6a57b45a850ed7b303830379cbe1d988f9f81483a82
                                                                                                                                                                              • Opcode Fuzzy Hash: 6fdf7ee70ec50f34251a456c10d26566f5d81581ca0b3c1fa8d8469911d94ee1
                                                                                                                                                                              • Instruction Fuzzy Hash: C041E432A002158FDB009E7C94A57EF7BF6FB4A334F294369C6259B7D1D62A58098B90
                                                                                                                                                                              Function 008B82D0 Relevance: 6.1, APIs: 4, Instructions: 70COMMON
                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 008B8235: GetModuleHandleExW.KERNEL32(00000002,00000000,008848DE,?,?,008B81F8,?,?,008B81C9,?,?,008848DE,?,?,?,?), ref: 008B8241
                                                                                                                                                                              • __Mtx_unlock.LIBCPMT ref: 008B8316
                                                                                                                                                                              • FreeLibraryWhenCallbackReturns.KERNEL32(?,00000000,E2BBFDD5,?,?,?,008CB8A7,000000FF), ref: 008B833E
                                                                                                                                                                              • __Mtx_unlock.LIBCPMT ref: 008B8379
                                                                                                                                                                              • __Cnd_broadcast.LIBCPMT ref: 008B838A
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Mtx_unlock$CallbackCnd_broadcastFreeHandleLibraryModuleReturnsWhen
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 420990631-0
                                                                                                                                                                              • Opcode ID: 5ea15c51cd87cec8ac6ec6163e9efdf49255cdd8a27bacfb589bb93e473f5aa0
                                                                                                                                                                              • Instruction ID: c1160c0aa2c8f1258e37ee77ea9fed320c3f74098e5d96e45ba00fc36c3328d0
                                                                                                                                                                              • Opcode Fuzzy Hash: 5ea15c51cd87cec8ac6ec6163e9efdf49255cdd8a27bacfb589bb93e473f5aa0
                                                                                                                                                                              • Instruction Fuzzy Hash: 17119372941A00EBCB117F68AD52B9E7BACFB45F60F04012AF859D2391DF39E800D662
                                                                                                                                                                              Function 008C51BA Relevance: 3.2, APIs: 2, Instructions: 196fileCOMMONLIBRARYCODE
                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                              • Executed
                                                                                                                                                                              • Not Executed
                                                                                                                                                                              control_flow_graph 223 8c51ba-8c51dc 224 8c53cf 223->224 225 8c51e2-8c51e4 223->225 226 8c53d1-8c53d5 224->226 227 8c51e6-8c5205 call 8be012 225->227 228 8c5210-8c5233 225->228 234 8c5208-8c520b 227->234 229 8c5239-8c523f 228->229 230 8c5235-8c5237 228->230 229->227 232 8c5241-8c5252 229->232 230->229 230->232 235 8c5254-8c5262 call 8c8b51 232->235 236 8c5265-8c5275 call 8c54e7 232->236 234->226 235->236 241 8c52be-8c52d0 236->241 242 8c5277-8c527d 236->242 243 8c5327-8c5347 WriteFile 241->243 244 8c52d2-8c52d8 241->244 245 8c527f-8c5282 242->245 246 8c52a6-8c52bc call 8c5564 242->246 247 8c5349-8c534f GetLastError 243->247 248 8c5352 243->248 250 8c52da-8c52dd 244->250 251 8c5313-8c5320 call 8c5993 244->251 252 8c528d-8c529c call 8c592b 245->252 253 8c5284-8c5287 245->253 263 8c529f-8c52a1 246->263 247->248 256 8c5355-8c5360 248->256 257 8c52ff-8c5311 call 8c5b57 250->257 258 8c52df-8c52e2 250->258 262 8c5325 251->262 252->263 253->252 259 8c5367-8c536a 253->259 264 8c53ca-8c53cd 256->264 265 8c5362-8c5365 256->265 269 8c52fa-8c52fd 257->269 266 8c536d-8c536f 258->266 267 8c52e8-8c52f5 call 8c5a6e 258->267 259->266 262->269 263->256 264->226 265->259 270 8c539d-8c53a9 266->270 271 8c5371-8c5376 266->271 267->269 269->263 276 8c53ab-8c53b1 270->276 277 8c53b3-8c53c5 270->277 274 8c538f-8c5398 call 8c14a1 271->274 275 8c5378-8c538a 271->275 274->234 275->234 276->224 276->277 277->234
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 008C5564: GetConsoleOutputCP.KERNEL32(E2BBFDD5,00000000,00000000,?), ref: 008C55C7
                                                                                                                                                                              • WriteFile.KERNEL32(?,?,?,?,00000000,?,00000000,?,?,?,?,?,008BB6E2,?,008BB944), ref: 008C533F
                                                                                                                                                                              • GetLastError.KERNEL32(?,008BB6E2,?,008BB944,?,008BB944,?,?,?,?,?,?,?,?,?,?), ref: 008C5349
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ConsoleErrorFileLastOutputWrite
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2915228174-0
                                                                                                                                                                              • Opcode ID: b874e3413f1492891ba0d1586229b4efc4bda0a77d43e91f3ca92f982ad51a92
                                                                                                                                                                              • Instruction ID: 7a469c65b083b02b64cffd03f421666a02b2d1a6c36dbf516b1e7444d85a4723
                                                                                                                                                                              • Opcode Fuzzy Hash: b874e3413f1492891ba0d1586229b4efc4bda0a77d43e91f3ca92f982ad51a92
                                                                                                                                                                              • Instruction Fuzzy Hash: A5619E71900659AFDF15DFA8D884FAEBBB9FB19304F18014DE804E7242D772E981CB91
                                                                                                                                                                              Function 008B7CB2 Relevance: 3.1, APIs: 2, Instructions: 93COMMON
                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                              • Executed
                                                                                                                                                                              • Not Executed
                                                                                                                                                                              control_flow_graph 280 8b7cb2-8b7cb5 281 8b7cc4-8b7cc7 call 8be3f4 280->281 283 8b7ccc-8b7ccf 281->283 284 8b7cd1-8b7cd2 283->284 285 8b7cb7-8b7cc2 call 8bd311 283->285 285->281 288 8b7cd3-8b7cd7 285->288 289 8b7cdd-8b8f42 call 8b85a9 call 8b9f57 288->289 290 8b8f43-8b8f73 call 8459e0 call 8b9f57 IsProcessorFeaturePresent 288->290 289->290 301 8b8f7a-8b9059 call 8b905a 290->301 302 8b8f75-8b8f78 290->302 302->301
                                                                                                                                                                              APIs
                                                                                                                                                                              • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 008B8F6B
                                                                                                                                                                              • ___raise_securityfailure.LIBCMT ref: 008B9053
                                                                                                                                                                                • Part of subcall function 008B9F57: RaiseException.KERNEL32(E06D7363,00000001,00000003,008B8F5F,6B102C10,?,?,?,008B8F5F,?,008D47BC), ref: 008B9FB7
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ExceptionFeaturePresentProcessorRaise___raise_securityfailure
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3749517692-0
                                                                                                                                                                              • Opcode ID: 8e875cfc8ecd2d050c7d25dab5071d0da91205fa669cd06a80a03ee6a376dfee
                                                                                                                                                                              • Instruction ID: 8da025c080bc045957fe479a1eb8e4ee916a1564d48d2ab33824ad498afd6c88
                                                                                                                                                                              • Opcode Fuzzy Hash: 8e875cfc8ecd2d050c7d25dab5071d0da91205fa669cd06a80a03ee6a376dfee
                                                                                                                                                                              • Instruction Fuzzy Hash: 39316B75501318EBDB10EF69FC566987BB8FB08324F11432BE999CB7A1EB70A644CB41
                                                                                                                                                                              Function 008C5993 Relevance: 3.1, APIs: 2, Instructions: 80fileCOMMONLIBRARYCODE
                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                              • Executed
                                                                                                                                                                              • Not Executed
                                                                                                                                                                              control_flow_graph 305 8c5993-8c59e8 call 8b9a90 308 8c5a5d-8c5a6d call 8b7d26 305->308 309 8c59ea 305->309 311 8c59f0 309->311 313 8c59f6-8c59f8 311->313 314 8c59fa-8c59ff 313->314 315 8c5a12-8c5a37 WriteFile 313->315 318 8c5a08-8c5a10 314->318 319 8c5a01-8c5a07 314->319 316 8c5a39-8c5a44 315->316 317 8c5a55-8c5a5b GetLastError 315->317 316->308 320 8c5a46-8c5a51 316->320 317->308 318->313 318->315 319->318 320->311 321 8c5a53 320->321 321->308
                                                                                                                                                                              APIs
                                                                                                                                                                              • WriteFile.KERNELBASE(?,?,?,?,00000000,00000000,00000000,?,?,008C5325,?,008BB944,?,?,?,00000000), ref: 008C5A2F
                                                                                                                                                                              • GetLastError.KERNEL32(?,008C5325,?,008BB944,?,?,?,00000000,?,?,?,?,?,008BB6E2,?,008BB944), ref: 008C5A55
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ErrorFileLastWrite
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 442123175-0
                                                                                                                                                                              • Opcode ID: 74e79f10d646c63b19bc91e7b1a74f0c1df47b8b5cfce18473c119975b4d1e64
                                                                                                                                                                              • Instruction ID: 896481b73a4e67d3393f348c1f909044823d99cc6b9256c86140efdc71cd31fd
                                                                                                                                                                              • Opcode Fuzzy Hash: 74e79f10d646c63b19bc91e7b1a74f0c1df47b8b5cfce18473c119975b4d1e64
                                                                                                                                                                              • Instruction Fuzzy Hash: 8F218230A00629DBCF19CF19DC80ED9B7BAFB49301F1442AEE946D7211D630EE86CB61
                                                                                                                                                                              Function 008C02D3 Relevance: 3.1, APIs: 2, Instructions: 65COMMON
                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                              • Executed
                                                                                                                                                                              • Not Executed
                                                                                                                                                                              control_flow_graph 322 8c02d3-8c02d8 323 8c02da-8c02f2 322->323 324 8c02f4-8c02f8 323->324 325 8c0300-8c0309 323->325 324->325 326 8c02fa-8c02fe 324->326 327 8c031b 325->327 328 8c030b-8c030e 325->328 329 8c0375-8c0379 326->329 332 8c031d-8c032a GetStdHandle 327->332 330 8c0317-8c0319 328->330 331 8c0310-8c0315 328->331 329->323 333 8c037f-8c0382 329->333 330->332 331->332 334 8c032c-8c032e 332->334 335 8c0357-8c0369 332->335 334->335 337 8c0330-8c0339 GetFileType 334->337 335->329 336 8c036b-8c036e 335->336 336->329 337->335 338 8c033b-8c0344 337->338 339 8c034c-8c034f 338->339 340 8c0346-8c034a 338->340 339->329 341 8c0351-8c0355 339->341 340->329 341->329
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetStdHandle.KERNEL32(000000F6,?,?,?,?,?,?,?,00000000,008C01C2,008D4E30,0000000C), ref: 008C031F
                                                                                                                                                                              • GetFileType.KERNELBASE(00000000,?,?,?,?,?,?,?,00000000,008C01C2,008D4E30,0000000C), ref: 008C0331
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: FileHandleType
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3000768030-0
                                                                                                                                                                              • Opcode ID: b9d5d71837eadd3b50b707c338a8cd48667700c3b3ff6459dc0c053c7a7eada7
                                                                                                                                                                              • Instruction ID: 5b826f664c237e3bc6eb0a465d5075530a29f2819ed0db6c1932482b561a485d
                                                                                                                                                                              • Opcode Fuzzy Hash: b9d5d71837eadd3b50b707c338a8cd48667700c3b3ff6459dc0c053c7a7eada7
                                                                                                                                                                              • Instruction Fuzzy Hash: 27119021104785D7CB344A3E9C88F26ABB4F75A3B9B38071ED0B6C67F2C670D9819A11
                                                                                                                                                                              Function 008C160D Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMON
                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                              • Executed
                                                                                                                                                                              • Not Executed
                                                                                                                                                                              control_flow_graph 485 8c160d-8c1619 486 8c164b-8c1656 call 8c1415 485->486 487 8c161b-8c161d 485->487 494 8c1658-8c165a 486->494 489 8c161f-8c1620 487->489 490 8c1636-8c1647 RtlAllocateHeap 487->490 489->490 491 8c1649 490->491 492 8c1622-8c1629 call 8be327 490->492 491->494 492->486 497 8c162b-8c1634 call 8bd311 492->497 497->486 497->490
                                                                                                                                                                              APIs
                                                                                                                                                                              • RtlAllocateHeap.NTDLL(00000000,?,6865CFF9,?,008B7CCC,?,?,008457A5,?), ref: 008C163F
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: AllocateHeap
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1279760036-0
                                                                                                                                                                              • Opcode ID: 15aa183a3ef8adc70244259069ff31615f60ce2d7cc7af00c409b741ed032c12
                                                                                                                                                                              • Instruction ID: 763c788db2117714906e3d5dd678714ff1262b47f75cdd3a8b03e48c45a75ea4
                                                                                                                                                                              • Opcode Fuzzy Hash: 15aa183a3ef8adc70244259069ff31615f60ce2d7cc7af00c409b741ed032c12
                                                                                                                                                                              • Instruction Fuzzy Hash: B4E0E52110121156DE3066299D8CF9B7BBCFB533B0F1C0229FC14D7292DB30CC0186A6

                                                                                                                                                                              Non-executed Functions

                                                                                                                                                                              Function 00878BA0 Relevance: 11.2, Strings: 8, Instructions: 1247COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: =Gh|$=Gh|$>j5$>j5$oz|=$'~0$'~0$CbV
                                                                                                                                                                              • API String ID: 0-1925010860
                                                                                                                                                                              • Opcode ID: 32a2a5fbfb021ddc1e871c7182b93f02abe17c981749efda8acf0c7145619072
                                                                                                                                                                              • Instruction ID: a81d9d37a5b347027a127510e4f29da5183b752c6c06ccd1b4a5337e9aa0136c
                                                                                                                                                                              • Opcode Fuzzy Hash: 32a2a5fbfb021ddc1e871c7182b93f02abe17c981749efda8acf0c7145619072
                                                                                                                                                                              • Instruction Fuzzy Hash: C9922576A41505CFCB04CE7CD5A87EE3BE2F786324F29921AD495DB398CA36DD069B00
                                                                                                                                                                              Function 00849AA0 Relevance: 11.0, APIs: 4, Strings: 2, Instructions: 530COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              APIs
                                                                                                                                                                              • std::_Throw_future_error.LIBCPMT ref: 0084A1A3
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Throw_future_errorstd::_
                                                                                                                                                                              • String ID: "8q$"8q
                                                                                                                                                                              • API String ID: 3785073728-2869087566
                                                                                                                                                                              • Opcode ID: 1718fee910d7bb76ed5dbdde9a8fb1f3f7602579e840d3f3977074dfe22643a3
                                                                                                                                                                              • Instruction ID: 3f31914c2c479b7d75ddd2cbcdba17e28eba5d541c0c1a9b908c08c649fdfeec
                                                                                                                                                                              • Opcode Fuzzy Hash: 1718fee910d7bb76ed5dbdde9a8fb1f3f7602579e840d3f3977074dfe22643a3
                                                                                                                                                                              • Instruction Fuzzy Hash: 75022172E40109CFDB04CE7CE8A53DE7BE2FB45324F258629D855EB394DA3A99098B11
                                                                                                                                                                              Function 00856830 Relevance: 10.9, APIs: 4, Strings: 2, Instructions: 424COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              APIs
                                                                                                                                                                              • __Init_thread_header.LIBCMT ref: 00856B0F
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Init_thread_header
                                                                                                                                                                              • String ID: 6/=$6/=
                                                                                                                                                                              • API String ID: 3738618077-3779471209
                                                                                                                                                                              • Opcode ID: 44aa645a6290bc42ad99920a61aa0a1d638ec18f607398cde83284bb7c320318
                                                                                                                                                                              • Instruction ID: 4944ee13d4e40c6e2718f6763565559075163678475c2d722dc09e145dce7cbf
                                                                                                                                                                              • Opcode Fuzzy Hash: 44aa645a6290bc42ad99920a61aa0a1d638ec18f607398cde83284bb7c320318
                                                                                                                                                                              • Instruction Fuzzy Hash: EBD14536A4520ACFCB04CA7CD4A53FE3BE1FB41335F694625C951DB395EA3A890E9B40
                                                                                                                                                                              Function 00844050 Relevance: 10.6, Strings: 8, Instructions: 555COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: !=}N$!=}N$U,-p$U,-p$_N-$_N-$Y|$Y|
                                                                                                                                                                              • API String ID: 0-1339201840
                                                                                                                                                                              • Opcode ID: fef1d9a600125d51ad4be4275c185c06fa90c5d39a9872ecbc6e2dc219ca3dcd
                                                                                                                                                                              • Instruction ID: ac81c9e8f627bb4754def358821fbd73feaab508c69829e3b436e2ae3babf177
                                                                                                                                                                              • Opcode Fuzzy Hash: fef1d9a600125d51ad4be4275c185c06fa90c5d39a9872ecbc6e2dc219ca3dcd
                                                                                                                                                                              • Instruction Fuzzy Hash: D012E33AA0521CCFDB04CEBCD8947EE7BE1FB55354F29661AD401EB394DA39980ADB10
                                                                                                                                                                              Function 008C6122 Relevance: 10.2, APIs: 1, Strings: 4, Instructions: 1479COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: __floor_pentium4
                                                                                                                                                                              • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                                                              • API String ID: 4168288129-2761157908
                                                                                                                                                                              • Opcode ID: 3c52b96225f248c21426d999ce0fc7e2fe94899e7288867b74a2002dcf950402
                                                                                                                                                                              • Instruction ID: 33c354e0b55b666baaaedffda3d1a8db36ce0ca1c2394ef6afab8aa477e4a57d
                                                                                                                                                                              • Opcode Fuzzy Hash: 3c52b96225f248c21426d999ce0fc7e2fe94899e7288867b74a2002dcf950402
                                                                                                                                                                              • Instruction Fuzzy Hash: 59D21671E086298BDB65CE28DD40BEAB7B5FB44305F1441EED84DE7240EB78AE858F41
                                                                                                                                                                              Function 008B05E0 Relevance: 10.0, Strings: 7, Instructions: 1253COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: #g*$Ra"$Tci$TC#$TC#$id]G$2@
                                                                                                                                                                              • API String ID: 0-4058000033
                                                                                                                                                                              • Opcode ID: 223c5ae837174bd1d5db8cc43d9de1698f778e021ac2088efc3cf875845a0fe6
                                                                                                                                                                              • Instruction ID: 301485ca74843c872128e67c732bc2e12d5b06718e21eaa30f2f9f45ca3369ca
                                                                                                                                                                              • Opcode Fuzzy Hash: 223c5ae837174bd1d5db8cc43d9de1698f778e021ac2088efc3cf875845a0fe6
                                                                                                                                                                              • Instruction Fuzzy Hash: D492233AA005058FCF04CE7CD5A97EE3BF2F785354F289216C442EF799DA2A99069F44
                                                                                                                                                                              Function 008770B0 Relevance: 8.4, APIs: 2, Strings: 2, Instructions: 1429threadCOMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 00877D1B
                                                                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 00878397
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CurrentThread
                                                                                                                                                                              • String ID: p"7$p"7
                                                                                                                                                                              • API String ID: 2882836952-3456302545
                                                                                                                                                                              • Opcode ID: fe269495481be3b5a0b96bd1b67c5f4f4be6cece5aa55f7fc6dbd8f30f7a1404
                                                                                                                                                                              • Instruction ID: 90093a02c444b471758f7bc80788b4c47fc15d3aa4c6762fcc89132d52be9a6d
                                                                                                                                                                              • Opcode Fuzzy Hash: fe269495481be3b5a0b96bd1b67c5f4f4be6cece5aa55f7fc6dbd8f30f7a1404
                                                                                                                                                                              • Instruction Fuzzy Hash: DBB21376A45105CFCB04CEBCC9A86EE7BF1FB84314F24861AD41ADB398DA76D806DB44
                                                                                                                                                                              Function 00883380 Relevance: 6.4, APIs: 4, Instructions: 392COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: adbec18e16c4bd46771df500cbe2ef13c2be472f2550f644a8fcbb0c2bef64fc
                                                                                                                                                                              • Instruction ID: 889015c593c6697d83d01dc5b389b83fb7c82b4ca71f96528c13cc7b257b4b23
                                                                                                                                                                              • Opcode Fuzzy Hash: adbec18e16c4bd46771df500cbe2ef13c2be472f2550f644a8fcbb0c2bef64fc
                                                                                                                                                                              • Instruction Fuzzy Hash: 4AD14B36A05105CFDB04EE7CC4A53EE7BF2FB90724F258626C451D73D4DA3A9A069B44
                                                                                                                                                                              Function 0088AC20 Relevance: 6.3, Strings: 4, Instructions: 1259COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: yS n$yS n$2P$q{I
                                                                                                                                                                              • API String ID: 0-446549057
                                                                                                                                                                              • Opcode ID: 0b576914e320847f033cdc225633a0e7eefbeea551ea3394dd4b602888082968
                                                                                                                                                                              • Instruction ID: c5fd1edcccaaa2b6f1dc5ea1e465ef588a0ed6d99acb6c66cba815f53d6f6e6b
                                                                                                                                                                              • Opcode Fuzzy Hash: 0b576914e320847f033cdc225633a0e7eefbeea551ea3394dd4b602888082968
                                                                                                                                                                              • Instruction Fuzzy Hash: 90921276A00108DFDB08DF7CD5A53ED7BE2FB85324F298216D411DB3A8DA36AD069B41
                                                                                                                                                                              Function 008B90E0 Relevance: 6.1, APIs: 4, Instructions: 73COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              APIs
                                                                                                                                                                              • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 008B90EC
                                                                                                                                                                              • IsDebuggerPresent.KERNEL32 ref: 008B91B8
                                                                                                                                                                              • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 008B91D8
                                                                                                                                                                              • UnhandledExceptionFilter.KERNEL32(?), ref: 008B91E2
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 254469556-0
                                                                                                                                                                              • Opcode ID: ff216c38d60b681b648bd0924a5b819b2645cda5c7ddbb896fb4f9043fd79e2b
                                                                                                                                                                              • Instruction ID: cff872e4d95b0b1c6e670f6e252d9282ee00372e9abfea9b7e06af22fb8f2f03
                                                                                                                                                                              • Opcode Fuzzy Hash: ff216c38d60b681b648bd0924a5b819b2645cda5c7ddbb896fb4f9043fd79e2b
                                                                                                                                                                              • Instruction Fuzzy Hash: B8310775D0521C9BDB20EFA8D9897CDBBB8FF08304F1041AAE549AB290EB715B858F45
                                                                                                                                                                              Function 008449C0 Relevance: 5.9, Strings: 4, Instructions: 947COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: (h9$N!"$"r9$"r9
                                                                                                                                                                              • API String ID: 0-759499846
                                                                                                                                                                              • Opcode ID: 47c55a51caa24af5de25f3f9758eaabf802ce26bf87e30c1d80bbada252b0fa0
                                                                                                                                                                              • Instruction ID: 405f2aec903eed06e8d4c120f6d9a7779f7fd0185897789c0d9ceeac5d7ed6c2
                                                                                                                                                                              • Opcode Fuzzy Hash: 47c55a51caa24af5de25f3f9758eaabf802ce26bf87e30c1d80bbada252b0fa0
                                                                                                                                                                              • Instruction Fuzzy Hash: F1624536A02918CFCB04CEBCD5A43EE77E2F794324F26821AD811DB795E93A99059F40
                                                                                                                                                                              Function 00899110 Relevance: 5.8, Strings: 4, Instructions: 789COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: 2?k"$2?k"$r9{%$yl)
                                                                                                                                                                              • API String ID: 0-2442328656
                                                                                                                                                                              • Opcode ID: e3d48c1152f039138bc4e64e85880734ed247be31bfd290195471110e8bce777
                                                                                                                                                                              • Instruction ID: 19a3f0d98289a9328f2fe543229307075335f4946cc5a65c54ddaeb9d209db0a
                                                                                                                                                                              • Opcode Fuzzy Hash: e3d48c1152f039138bc4e64e85880734ed247be31bfd290195471110e8bce777
                                                                                                                                                                              • Instruction Fuzzy Hash: 8F421432A442158FCF04DEBCD4A53EE7BF6FB85324F298219D4A1EB794C63A98459F40
                                                                                                                                                                              Function 00880810 Relevance: 5.7, Strings: 4, Instructions: 723COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: h)K$h)K$<di$<di
                                                                                                                                                                              • API String ID: 0-104553273
                                                                                                                                                                              • Opcode ID: a704f9959b09b7f3b1008c0b28a65aaaf41304bec56c4d87a13f4b94bec283c6
                                                                                                                                                                              • Instruction ID: 7cc8ef887d381a6aa6a9143388580aad988c7d3d8309a6c37a24263e95092fc6
                                                                                                                                                                              • Opcode Fuzzy Hash: a704f9959b09b7f3b1008c0b28a65aaaf41304bec56c4d87a13f4b94bec283c6
                                                                                                                                                                              • Instruction Fuzzy Hash: A142AE76E00209CFCF08EEB8D8996EE7BF6FB85354F248519D455EB395CA3998068F40
                                                                                                                                                                              Function 008B73E0 Relevance: 5.5, Strings: 4, Instructions: 516COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: *fB$*fB$5J`s$5J`s
                                                                                                                                                                              • API String ID: 0-2631250293
                                                                                                                                                                              • Opcode ID: 2a7ef020f197f551a8dd1093c54043f0b9258990b1cdb4fdbec017a2df05e7c0
                                                                                                                                                                              • Instruction ID: 73eaf29d190476277bab34de7b3bed780ff7114c470c9153c22424f92eb366ff
                                                                                                                                                                              • Opcode Fuzzy Hash: 2a7ef020f197f551a8dd1093c54043f0b9258990b1cdb4fdbec017a2df05e7c0
                                                                                                                                                                              • Instruction Fuzzy Hash: 28024436A086158FCB04CE7CC4A5BEE7BF2FB85324F284269D541EB394DA3A9D059F50
                                                                                                                                                                              Function 00880380 Relevance: 4.1, Strings: 3, Instructions: 354COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: @\][$Q|Jt$Q|Jt
                                                                                                                                                                              • API String ID: 0-355759107
                                                                                                                                                                              • Opcode ID: 79c35dab04df35b86396a5993fa4318bda7ec2159a44e50a9f1cea8956bd6f84
                                                                                                                                                                              • Instruction ID: 708483222180563c49d7764314a92ef4eb76c6836e14c0d8a5c59515769bcc0b
                                                                                                                                                                              • Opcode Fuzzy Hash: 79c35dab04df35b86396a5993fa4318bda7ec2159a44e50a9f1cea8956bd6f84
                                                                                                                                                                              • Instruction Fuzzy Hash: ECC10676A401188FCB04DE7CD8A57EE7BF2FB49324F25521AD511EB3E0DA3A98098F54
                                                                                                                                                                              Function 00853430 Relevance: 4.1, Strings: 3, Instructions: 333COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: J!r.$J!r.$Xkn?
                                                                                                                                                                              • API String ID: 0-2107863428
                                                                                                                                                                              • Opcode ID: e0c2887bd9da0dbc58c4f153db954828e3929ba78f33a125fcdc7326b394d3bd
                                                                                                                                                                              • Instruction ID: 8c3a900f4057718de66c0922e0eee1d6d7e195ca5af8ea80e110f492dc26d116
                                                                                                                                                                              • Opcode Fuzzy Hash: e0c2887bd9da0dbc58c4f153db954828e3929ba78f33a125fcdc7326b394d3bd
                                                                                                                                                                              • Instruction Fuzzy Hash: 25B10576A05204CFCB08CF7CD9A57EEBBF1FB89365F24412AD800EB354D6369A099B54
                                                                                                                                                                              Function 00831000 Relevance: 3.8, Strings: 2, Instructions: 1343COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: W]$W]
                                                                                                                                                                              • API String ID: 0-91146045
                                                                                                                                                                              • Opcode ID: 9682efa57567c6a5096d7fd8ea63da28d55e684cc6b7a1c1a11c68fdaf757ae4
                                                                                                                                                                              • Instruction ID: b34e672dc00b36933f9e6f300e240b50b08727a261fe19220b354a7d1e1f915f
                                                                                                                                                                              • Opcode Fuzzy Hash: 9682efa57567c6a5096d7fd8ea63da28d55e684cc6b7a1c1a11c68fdaf757ae4
                                                                                                                                                                              • Instruction Fuzzy Hash: FAB2A376A016148FCB08CEBCD9A46EE77F2FB89320F254219D525EB3E4DA75AC058F50
                                                                                                                                                                              Function 0089EB30 Relevance: 3.6, APIs: 2, Instructions: 564COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 98d813f491ff833edc4b691fb6bd8fa0afb985d08698608676351f327975b8b9
                                                                                                                                                                              • Instruction ID: 8ec499da18b25689214880143bac97babc79ff34ee552b0eb262e5c6695aac3e
                                                                                                                                                                              • Opcode Fuzzy Hash: 98d813f491ff833edc4b691fb6bd8fa0afb985d08698608676351f327975b8b9
                                                                                                                                                                              • Instruction Fuzzy Hash: 4212DD76A04205CFCF08DFBCD5996EE7BF2FB89314F28862AD442EB395D63599058B40
                                                                                                                                                                              Function 00862910 Relevance: 3.4, APIs: 2, Instructions: 421COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              APIs
                                                                                                                                                                              • std::_Throw_future_error.LIBCPMT ref: 00862C06
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Throw_future_errorstd::_
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3785073728-0
                                                                                                                                                                              • Opcode ID: 96c9ab55df16453668ca11b6a1f71bf964493a388d2d2c53b0741f78d54bd3aa
                                                                                                                                                                              • Instruction ID: 5f0bd9d3bd3246f72edbdbea49d72921286461e440669c2ea2bb15b6e0956ac2
                                                                                                                                                                              • Opcode Fuzzy Hash: 96c9ab55df16453668ca11b6a1f71bf964493a388d2d2c53b0741f78d54bd3aa
                                                                                                                                                                              • Instruction Fuzzy Hash: 41E1D076A14604CFCB04CFACD4957EEBBF2FB49320F154669D841EB391DA36A80ACB51
                                                                                                                                                                              Function 00894DF0 Relevance: 3.3, Strings: 2, Instructions: 800COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: n8~&$n8~&
                                                                                                                                                                              • API String ID: 0-4015204180
                                                                                                                                                                              • Opcode ID: 2df82c39c15d5077c727ddf27d44b60c9b3df46bc8f46f11ce368da5398063c7
                                                                                                                                                                              • Instruction ID: 6d1bead5fd521c1f6fec6587c06cecd1d0ff2555241a459e2e56cc5bd3224d25
                                                                                                                                                                              • Opcode Fuzzy Hash: 2df82c39c15d5077c727ddf27d44b60c9b3df46bc8f46f11ce368da5398063c7
                                                                                                                                                                              • Instruction Fuzzy Hash: B4422732A10A159FCF05DE7CD4A83DE7BE1FB85334F295219D425EB390DA3A98069F44
                                                                                                                                                                              Function 00841110 Relevance: 3.3, Strings: 2, Instructions: 766COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: ,t$,t
                                                                                                                                                                              • API String ID: 0-3037436286
                                                                                                                                                                              • Opcode ID: 0f653f160a4af4497c46d1479e84ccd9cf3cc57bbdcd26e8c3fbca619650942e
                                                                                                                                                                              • Instruction ID: 187b90b9e0a7dc70db97bf713803369163626ab89432f239342f96d073f82276
                                                                                                                                                                              • Opcode Fuzzy Hash: 0f653f160a4af4497c46d1479e84ccd9cf3cc57bbdcd26e8c3fbca619650942e
                                                                                                                                                                              • Instruction Fuzzy Hash: 51529B75A40219CFCF04CFBCD5A96EEBBF2FB89354F24822AD801EB354DA3598459B50
                                                                                                                                                                              Function 008A5980 Relevance: 3.2, Strings: 2, Instructions: 742COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: m3g$m3g
                                                                                                                                                                              • API String ID: 0-4226803479
                                                                                                                                                                              • Opcode ID: 1ca2aee1cd7fd7f8dcd00118fa62f999f50cb877480fd1746032ee28a119e54b
                                                                                                                                                                              • Instruction ID: 7455435b15a223aed91266ecb6d85b26e2a5d86289845fb08fb6ca84bf34ae8d
                                                                                                                                                                              • Opcode Fuzzy Hash: 1ca2aee1cd7fd7f8dcd00118fa62f999f50cb877480fd1746032ee28a119e54b
                                                                                                                                                                              • Instruction Fuzzy Hash: 6D422676E045188FEF04CE7CC5943ED7BE2FB86324F298215D451EBB98D63998069F50
                                                                                                                                                                              Function 00863A30 Relevance: 3.1, APIs: 2, Instructions: 145COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Cnd_broadcast
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 465196245-0
                                                                                                                                                                              • Opcode ID: c5bdf6f00d14544cb235b654b4009e7f0a99d82988260568db111ad630e3ba65
                                                                                                                                                                              • Instruction ID: d1d1d9cfaf51474f81981b31c3d713337f0a0b887fade51855e0b3110f7101f6
                                                                                                                                                                              • Opcode Fuzzy Hash: c5bdf6f00d14544cb235b654b4009e7f0a99d82988260568db111ad630e3ba65
                                                                                                                                                                              • Instruction Fuzzy Hash: 9D41F776E041648BDB00DA7CD8A53EF7BF1FB45330F260729D861A73D1DA265A089B81
                                                                                                                                                                              Function 0085E9E0 Relevance: 3.1, Strings: 2, Instructions: 563COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: D?i$D?i
                                                                                                                                                                              • API String ID: 0-130670880
                                                                                                                                                                              • Opcode ID: e6e43ed8c8afc77550afe812c922e4511a1cf1d28857dbe9b9725a6f3c647370
                                                                                                                                                                              • Instruction ID: b18433ea0ad85df557028d22821d17e7f4d95db45f2d037402a933974b0afad8
                                                                                                                                                                              • Opcode Fuzzy Hash: e6e43ed8c8afc77550afe812c922e4511a1cf1d28857dbe9b9725a6f3c647370
                                                                                                                                                                              • Instruction Fuzzy Hash: 5A228075A01218CFCB08CFA8D5946EEBBF2FB89311F248269D945EB395C735AD09CB41
                                                                                                                                                                              Function 008B9A21 Relevance: 3.0, APIs: 2, Instructions: 15timeCOMMONLIBRARYCODE
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetSystemTimePreciseAsFileTime.KERNEL32(?,008B968F,00000000,?,?,?,008B9605,00000000,00000000,?,?,008B8E0A,008B8C0E,00000001,BEA8137A), ref: 008B9A3A
                                                                                                                                                                              • GetSystemTimeAsFileTime.KERNEL32(00000000,00000000,?,008B968F,00000000,?,?,?,008B9605,00000000,00000000,?,?,008B8E0A,008B8C0E,00000001), ref: 008B9A3E
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Time$FileSystem$Precise
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 743729956-0
                                                                                                                                                                              • Opcode ID: e26bb6fab801afee0c6578380646a50fc1378220017b826ec1c2a59d798b03b6
                                                                                                                                                                              • Instruction ID: 27863840a54568a828175a3e135183a52e86bdb5abae48f4a888032787cd5e86
                                                                                                                                                                              • Opcode Fuzzy Hash: e26bb6fab801afee0c6578380646a50fc1378220017b826ec1c2a59d798b03b6
                                                                                                                                                                              • Instruction Fuzzy Hash: 6DD0123255653CDB8B113B94EC049ED7F6DFB05B527090117EA4A97320DBB25D009BD1
                                                                                                                                                                              Function 00863200 Relevance: 2.9, Strings: 2, Instructions: 422COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: Kn$Kn
                                                                                                                                                                              • API String ID: 0-4234865415
                                                                                                                                                                              • Opcode ID: a006d71e074f8b9ef62147ca714650ca3832e26a74150303c93337a6905b2293
                                                                                                                                                                              • Instruction ID: 0f1800e2a29868036af4ca0107b48c49de4cb763408b7d42d79a3abd9d0b4725
                                                                                                                                                                              • Opcode Fuzzy Hash: a006d71e074f8b9ef62147ca714650ca3832e26a74150303c93337a6905b2293
                                                                                                                                                                              • Instruction Fuzzy Hash: F1E157B6A04219CFCF04CE7CE9953EE7BE1FB89314F1A4229D401EB354CA3A9A05DB55
                                                                                                                                                                              Function 00888440 Relevance: 2.9, Strings: 2, Instructions: 410COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: f(r|$ua`
                                                                                                                                                                              • API String ID: 0-563872743
                                                                                                                                                                              • Opcode ID: 6682c89d6cb6dc986f41540f0761aee20c0775ca69759dbdb69b1a4313de5816
                                                                                                                                                                              • Instruction ID: a92fd15c65ff3f1031dc7d3c6c36a10c6ed69d86f22174b4fe674173b0087d40
                                                                                                                                                                              • Opcode Fuzzy Hash: 6682c89d6cb6dc986f41540f0761aee20c0775ca69759dbdb69b1a4313de5816
                                                                                                                                                                              • Instruction Fuzzy Hash: 94E1E176A05109CFCB04EFBCD9946EE7BF2FB84314F64821AD401E7394DE36990A9B41
                                                                                                                                                                              Function 0085D1F0 Relevance: 2.9, Strings: 2, Instructions: 367COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: fJz$fJz
                                                                                                                                                                              • API String ID: 0-1644437603
                                                                                                                                                                              • Opcode ID: 231cb5a961bedd114a29cdac8cfcb45fa2f2ec209571f0506fcfc47e432a4dde
                                                                                                                                                                              • Instruction ID: 4f155c73ad442d902cf2697d647440d2e34cb2af82ec26bf6bf17e70421a298c
                                                                                                                                                                              • Opcode Fuzzy Hash: 231cb5a961bedd114a29cdac8cfcb45fa2f2ec209571f0506fcfc47e432a4dde
                                                                                                                                                                              • Instruction Fuzzy Hash: 5BD1C372E012088FCF14DEBCD5956EE7BF2FB85321F254629DC11AB3A4DA369909CB41
                                                                                                                                                                              Function 00890070 Relevance: 2.9, Strings: 2, Instructions: 354COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: 7TD*$7TD*
                                                                                                                                                                              • API String ID: 0-383827924
                                                                                                                                                                              • Opcode ID: 640fb2ffd7d893c794b4d60b43859ccb7036649b27cd7aa4e6041241439c37d2
                                                                                                                                                                              • Instruction ID: 2a84e9c5be5f23f945a08ecf2fe7fffd81c551bbfbd7abc295a9998faa96a48d
                                                                                                                                                                              • Opcode Fuzzy Hash: 640fb2ffd7d893c794b4d60b43859ccb7036649b27cd7aa4e6041241439c37d2
                                                                                                                                                                              • Instruction Fuzzy Hash: 48C1F336A006158FCF04EA7CD8A53EF7BF6F785324F39521AC951AB390D63699069F80
                                                                                                                                                                              Function 008960E0 Relevance: 2.8, Strings: 2, Instructions: 340COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: 0|< $QuX?
                                                                                                                                                                              • API String ID: 0-2321951594
                                                                                                                                                                              • Opcode ID: 6991f0c70919ef792007c1041b1ee31fdb48be490fe70581e7c045b9cd066766
                                                                                                                                                                              • Instruction ID: 4b7ac7943c62a87bea77f4ef55633be52fcee4536af0bc26f6c3be77d61c28dc
                                                                                                                                                                              • Opcode Fuzzy Hash: 6991f0c70919ef792007c1041b1ee31fdb48be490fe70581e7c045b9cd066766
                                                                                                                                                                              • Instruction Fuzzy Hash: BDB14636A00625CFDF04DE7CC8A87EE3BE6F745334F2A1219D451EB3D1E62A88098B54
                                                                                                                                                                              Function 008AF4D0 Relevance: 2.8, Strings: 2, Instructions: 325COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: k@hq$k@hq
                                                                                                                                                                              • API String ID: 0-1264566751
                                                                                                                                                                              • Opcode ID: b38537f12f22e690b3c30bff9ba4a7cce0f89aa367cce4321b841dd534cb1f97
                                                                                                                                                                              • Instruction ID: cf22e957532302d83238694aaf32afbc513df7e9bbc45497d4c7bc6db9b04fcf
                                                                                                                                                                              • Opcode Fuzzy Hash: b38537f12f22e690b3c30bff9ba4a7cce0f89aa367cce4321b841dd534cb1f97
                                                                                                                                                                              • Instruction Fuzzy Hash: F9B11476E001148FDB04DEBCE8947EE7BF2FB45314F254229E991EB7A1C6369D099B40
                                                                                                                                                                              Function 0089F9D0 Relevance: 2.8, Strings: 2, Instructions: 294COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: u8B5$u8B5
                                                                                                                                                                              • API String ID: 0-1527950420
                                                                                                                                                                              • Opcode ID: 5271cc37025c4f541598629e10ebe03d32cd5be76136439ecf20a2b2053034be
                                                                                                                                                                              • Instruction ID: 9047a778d9edd73a8c183c5e733b60c44a48367e1f567e240454501a108198b2
                                                                                                                                                                              • Opcode Fuzzy Hash: 5271cc37025c4f541598629e10ebe03d32cd5be76136439ecf20a2b2053034be
                                                                                                                                                                              • Instruction Fuzzy Hash: 0CA10336A002198FCF089E7CC8A43DE7BE2FB89329F2D5325C555EB3D5C72A89059B50
                                                                                                                                                                              Function 008A0990 Relevance: 2.8, Strings: 2, Instructions: 284COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: Yh66$Yh66
                                                                                                                                                                              • API String ID: 0-2688580557
                                                                                                                                                                              • Opcode ID: 35704081dc2454fcc9d3967538733bc9c6b4158d515845f9d0359efeb22a30f5
                                                                                                                                                                              • Instruction ID: beba19897a75f1dbf8a0a5a5abee60d035176ca5c1d42f609c1bddf0909984a4
                                                                                                                                                                              • Opcode Fuzzy Hash: 35704081dc2454fcc9d3967538733bc9c6b4158d515845f9d0359efeb22a30f5
                                                                                                                                                                              • Instruction Fuzzy Hash: 6AA1F236A442148FDF04CEBCC8A43DE7BF2F74A364F195316D841EB7A5C63699088B54
                                                                                                                                                                              Function 00883C10 Relevance: 2.7, Strings: 2, Instructions: 170COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: )V$8.l
                                                                                                                                                                              • API String ID: 0-3318964368
                                                                                                                                                                              • Opcode ID: 413631278746919805afa907b6be5027434a2302a2b95ba62cb44a2c0bbe7f49
                                                                                                                                                                              • Instruction ID: 129438caf704bee7ac0453bd36578447b20d90c2733b5070ebd9787cdcfd3d3b
                                                                                                                                                                              • Opcode Fuzzy Hash: 413631278746919805afa907b6be5027434a2302a2b95ba62cb44a2c0bbe7f49
                                                                                                                                                                              • Instruction Fuzzy Hash: AE51BD76A40204CFCB04DF6CC8906DEBBF3FB89724F29465AD915EB3A0C6366D058B90
                                                                                                                                                                              Function 0089E3A0 Relevance: 2.6, Strings: 2, Instructions: 148COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: CfM$CfM
                                                                                                                                                                              • API String ID: 0-3025106272
                                                                                                                                                                              • Opcode ID: e1dea3224c2025564324625e055cf19acdd7f67db69095b7d4dd6e2728df4b64
                                                                                                                                                                              • Instruction ID: 8e6f30bffca240f4e6270e43e4871fa471cea100b9d0c1383cdd26dd8dd33e54
                                                                                                                                                                              • Opcode Fuzzy Hash: e1dea3224c2025564324625e055cf19acdd7f67db69095b7d4dd6e2728df4b64
                                                                                                                                                                              • Instruction Fuzzy Hash: BA410036B512198FCF00DABCC8953EE7BF1EB45331F290719D824EB3D2D6265A058BA0
                                                                                                                                                                              Function 008A7CC0 Relevance: 2.6, Strings: 2, Instructions: 147COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: x2?"$x2?"
                                                                                                                                                                              • API String ID: 0-1313737588
                                                                                                                                                                              • Opcode ID: 39765417b807efc4e60e7bdc4efca02da84766ccf1efc4837635fde5ac82ecee
                                                                                                                                                                              • Instruction ID: 2f160bffb3f0fb7e5c850c9662f7caf925a6f0e5f4ca35a473fe1ce51a4ee4a7
                                                                                                                                                                              • Opcode Fuzzy Hash: 39765417b807efc4e60e7bdc4efca02da84766ccf1efc4837635fde5ac82ecee
                                                                                                                                                                              • Instruction Fuzzy Hash: 7C412576E192198FEB008E7CC8957FE7BF2FB46320F15061AD821E73D2D52A4D099B90
                                                                                                                                                                              Function 008AFC70 Relevance: 2.6, Strings: 2, Instructions: 139COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: Qn$Qn
                                                                                                                                                                              • API String ID: 0-3188406930
                                                                                                                                                                              • Opcode ID: af81fad908c3bbc2fb523e40cdeff2feb20f1449520b728f9dac31c34d8128cd
                                                                                                                                                                              • Instruction ID: c42c99686878d260004722fde38e5633aee1b5c52fa93b6ab9086ca32a6b78e3
                                                                                                                                                                              • Opcode Fuzzy Hash: af81fad908c3bbc2fb523e40cdeff2feb20f1449520b728f9dac31c34d8128cd
                                                                                                                                                                              • Instruction Fuzzy Hash: 26411676A042184FDB00CEBCD9947DE77F6F746324F250325DA20EB7E1D62A59098F90
                                                                                                                                                                              Function 008AF320 Relevance: 2.6, Strings: 2, Instructions: 137COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: }9wk$}9wk
                                                                                                                                                                              • API String ID: 0-170594621
                                                                                                                                                                              • Opcode ID: d9d543edc1722690c99454da13c1e193c686d85443746c20325e2345e23c93b1
                                                                                                                                                                              • Instruction ID: f6463280ec5a17add04340df63411f647773ae8bb69a4d7f74103dc85b676b18
                                                                                                                                                                              • Opcode Fuzzy Hash: d9d543edc1722690c99454da13c1e193c686d85443746c20325e2345e23c93b1
                                                                                                                                                                              • Instruction Fuzzy Hash: 6F41F476A002198FDF00CEBCC4947EE7BF2F74A324F16022AD955A77D1C62B5D0A8B94
                                                                                                                                                                              Function 00888B40 Relevance: 2.6, Strings: 2, Instructions: 137COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: =Xwm$=Xwm
                                                                                                                                                                              • API String ID: 0-633539869
                                                                                                                                                                              • Opcode ID: 70b62f24098a9a6e2bad213b0575bd8272f848ea13096dfde01f73ff1d5f1198
                                                                                                                                                                              • Instruction ID: d28fb6d1f213047ec6d81c91cf4c29133adb1634b46ee04d8a250602525e33bc
                                                                                                                                                                              • Opcode Fuzzy Hash: 70b62f24098a9a6e2bad213b0575bd8272f848ea13096dfde01f73ff1d5f1198
                                                                                                                                                                              • Instruction Fuzzy Hash: D641E176A451198FCF009A7CC9907EF7BF2F789334F25031AC924AB2D1DA3A59069B90
                                                                                                                                                                              Function 00892470 Relevance: 2.6, Strings: 2, Instructions: 137COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: ;#y$;#y
                                                                                                                                                                              • API String ID: 0-2833862990
                                                                                                                                                                              • Opcode ID: 1b5cc35feefce9ee3b754217e1fa38269c7b7f09983d265352c9bb11ee5e59b2
                                                                                                                                                                              • Instruction ID: 10c3bbe09fa3be2c9fb9cfa1dabac842a685aac87a18cd97225ab22f0c9581a2
                                                                                                                                                                              • Opcode Fuzzy Hash: 1b5cc35feefce9ee3b754217e1fa38269c7b7f09983d265352c9bb11ee5e59b2
                                                                                                                                                                              • Instruction Fuzzy Hash: C7413276E402198FCF04DE7CD8A57EE7BF2F755324F1A021AC865A73D1C62B59098B90
                                                                                                                                                                              Function 00868260 Relevance: 2.2, Strings: 1, Instructions: 975COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: `#i
                                                                                                                                                                              • API String ID: 0-441195111
                                                                                                                                                                              • Opcode ID: 4e8610663f8722b3fb50bb0e9abf3fb407e7c508007067419c7a18e2647f52b1
                                                                                                                                                                              • Instruction ID: ccbdf683e30b926dfdc5564dba7250f6d03550339c58ed707c105bd73f6ec23e
                                                                                                                                                                              • Opcode Fuzzy Hash: 4e8610663f8722b3fb50bb0e9abf3fb407e7c508007067419c7a18e2647f52b1
                                                                                                                                                                              • Instruction Fuzzy Hash: BB82BF79A01218CFCB04CFACD5916AEBBF2FB89314F258259D849EB364DA35AD05CF41
                                                                                                                                                                              Function 008B4AA0 Relevance: 2.0, Strings: 1, Instructions: 758COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: mvN&
                                                                                                                                                                              • API String ID: 0-75694934
                                                                                                                                                                              • Opcode ID: 00e2f24df89d3260576ef474b853c7fb244f4f111e4d158e18fa9696985ff58b
                                                                                                                                                                              • Instruction ID: 2e8cb0af0e5d6ac8e47122dc6a09f35979967dada936024568859977ea5b6e22
                                                                                                                                                                              • Opcode Fuzzy Hash: 00e2f24df89d3260576ef474b853c7fb244f4f111e4d158e18fa9696985ff58b
                                                                                                                                                                              • Instruction Fuzzy Hash: A0428776A14604CFCB04CEBCD4A57EE7BE2FB85324F289216C851EB3A5C6369D06DB44
                                                                                                                                                                              Function 0089DA00 Relevance: 2.0, Strings: 1, Instructions: 739COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: -eG
                                                                                                                                                                              • API String ID: 0-2733614067
                                                                                                                                                                              • Opcode ID: e23af8594d0241286db7ba7830be7dc134ed70f117f48220c5f03a3952460497
                                                                                                                                                                              • Instruction ID: 1e7796b198ff53fa0c978cac7ff0990754ddc09237deaddd2e06003d05de473d
                                                                                                                                                                              • Opcode Fuzzy Hash: e23af8594d0241286db7ba7830be7dc134ed70f117f48220c5f03a3952460497
                                                                                                                                                                              • Instruction Fuzzy Hash: 4B421376A402158FCF04DE7CC4A43EE7BE6F749324F299216D861EB390C63A9D069F54
                                                                                                                                                                              Function 00866320 Relevance: 1.8, Strings: 1, Instructions: 596COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: #rP
                                                                                                                                                                              • API String ID: 0-3005770539
                                                                                                                                                                              • Opcode ID: 48469d41b86cb767a652f7e5d7a694a1753004c7452d1125b02ecd0092d63397
                                                                                                                                                                              • Instruction ID: 2a3160c529dcd593427fd2e1ef415c03e1e65580d200e0eee538c841896d2e8c
                                                                                                                                                                              • Opcode Fuzzy Hash: 48469d41b86cb767a652f7e5d7a694a1753004c7452d1125b02ecd0092d63397
                                                                                                                                                                              • Instruction Fuzzy Hash: 9C22AD75E002188FCB04DFBCD4956EEBBF2FB48314F168129E845EB355EA35A9058F82
                                                                                                                                                                              Function 008CB30E Relevance: 1.8, APIs: 1, Instructions: 269COMMONLIBRARYCODE
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              APIs
                                                                                                                                                                              • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,008CB269,?,?,00000008,?,?,008CAE3B,00000000), ref: 008CB53B
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ExceptionRaise
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3997070919-0
                                                                                                                                                                              • Opcode ID: 29942df0ab765b6800009f8a7898b60a822e567ac1db83bb48f27db0d8f11a5b
                                                                                                                                                                              • Instruction ID: 874576474c54ed8bfc41a20ccf8d4f66ad6bd34ab019b71df70e8b1ec1f3adff
                                                                                                                                                                              • Opcode Fuzzy Hash: 29942df0ab765b6800009f8a7898b60a822e567ac1db83bb48f27db0d8f11a5b
                                                                                                                                                                              • Instruction Fuzzy Hash: 8DB1F731610A089FD719CF28C48AF657BB0FF45369F25865CE899CF2A2C735E992CB44
                                                                                                                                                                              Function 0088DA40 Relevance: 1.7, Strings: 1, Instructions: 426COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: q3b
                                                                                                                                                                              • API String ID: 0-700147285
                                                                                                                                                                              • Opcode ID: ed0d73db6c10d598aee11e57c85d9f6272b30f4aed7ee2573854273219da7a41
                                                                                                                                                                              • Instruction ID: 3f8f9f0497f29a32413aeb78acc5cdd4e47c1f93407034e5079d66c8739bbdfe
                                                                                                                                                                              • Opcode Fuzzy Hash: ed0d73db6c10d598aee11e57c85d9f6272b30f4aed7ee2573854273219da7a41
                                                                                                                                                                              • Instruction Fuzzy Hash: 20E1E076A10204CFCB04DFBCD8A57EE7BF2FB84324F25422AE401AB394DA369D059B51
                                                                                                                                                                              Function 008B9251 Relevance: 1.6, APIs: 1, Instructions: 147COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              APIs
                                                                                                                                                                              • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 008B9267
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: FeaturePresentProcessor
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2325560087-0
                                                                                                                                                                              • Opcode ID: 0398fb0fbedaf7d73fa6119184fbf89e523169daea76cb234b7ef99955188a71
                                                                                                                                                                              • Instruction ID: dcd3775ddd481476ae09b8b5cdbad157041a3ae1b2cdae9a46b7a001cb0a90b1
                                                                                                                                                                              • Opcode Fuzzy Hash: 0398fb0fbedaf7d73fa6119184fbf89e523169daea76cb234b7ef99955188a71
                                                                                                                                                                              • Instruction Fuzzy Hash: 48518AB1A052158BEB14CF69E9817EEBBF0FB88320F24856BC551EB3A0E3749940CF50
                                                                                                                                                                              Function 0087A420 Relevance: 1.6, Strings: 1, Instructions: 381COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: *^}
                                                                                                                                                                              • API String ID: 0-2108712131
                                                                                                                                                                              • Opcode ID: 0f1f8448a32231c53166ffd494c0cdfff631991d0621009344c101a597f74654
                                                                                                                                                                              • Instruction ID: 77f440eefea4b116bf07da0d332133a96bab24628dc5befcc00efb21716792e3
                                                                                                                                                                              • Opcode Fuzzy Hash: 0f1f8448a32231c53166ffd494c0cdfff631991d0621009344c101a597f74654
                                                                                                                                                                              • Instruction Fuzzy Hash: 32D11476A54108CFCB08CEBCD4943ED7BF1FB98324F298116D419EB368CA39D8069B56
                                                                                                                                                                              Function 00846A20 Relevance: 1.6, Strings: 1, Instructions: 364COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: Unknown exception
                                                                                                                                                                              • API String ID: 0-410509341
                                                                                                                                                                              • Opcode ID: 1fb96b88392b8ed5cf0914c4d1e714e7bf272d358eef58c7e54806db46bb3dfe
                                                                                                                                                                              • Instruction ID: a471299d32ca4d14d63ac735d8cd99dc9953f3a225209cbe1458e2c3913ea595
                                                                                                                                                                              • Opcode Fuzzy Hash: 1fb96b88392b8ed5cf0914c4d1e714e7bf272d358eef58c7e54806db46bb3dfe
                                                                                                                                                                              • Instruction Fuzzy Hash: 5CC10236A05109CFCB04CEBCE5A47DD7BE2FB86364F289116E441EB354EA399D0A8B11
                                                                                                                                                                              Function 0086B900 Relevance: 1.6, Strings: 1, Instructions: 340COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: ?{
                                                                                                                                                                              • API String ID: 0-957239399
                                                                                                                                                                              • Opcode ID: 593562bc601889596cfeebc6ed5eda0876c4293e685e3ea543a7921612c9b746
                                                                                                                                                                              • Instruction ID: 9ab08e6ae3cbfbb543ade59265deb56971c6333689b84208aa58802812daeecd
                                                                                                                                                                              • Opcode Fuzzy Hash: 593562bc601889596cfeebc6ed5eda0876c4293e685e3ea543a7921612c9b746
                                                                                                                                                                              • Instruction Fuzzy Hash: BEB16776A021148FCB05CE7CC0A53EE3BE5F749378F2A8216C961EB391DA265D468F50
                                                                                                                                                                              Function 00861AF0 Relevance: 1.6, Strings: 1, Instructions: 331COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: Y]a
                                                                                                                                                                              • API String ID: 0-2106746526
                                                                                                                                                                              • Opcode ID: 9a9e2b0e8a4eb905cf61b908beb0909af872a312ee0134901376f24ac50e0e17
                                                                                                                                                                              • Instruction ID: e32c5b3a1d3daffcbc07de874f9deb2e6c4d2de1813385dcb4361bdd4fc5d5cd
                                                                                                                                                                              • Opcode Fuzzy Hash: 9a9e2b0e8a4eb905cf61b908beb0909af872a312ee0134901376f24ac50e0e17
                                                                                                                                                                              • Instruction Fuzzy Hash: 8DB10676A442188FCF04CE7CD5A87EE7BF2FB49364F2A4115D801EB356DA3698099F90
                                                                                                                                                                              Function 00882DB0 Relevance: 1.6, Strings: 1, Instructions: 321COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: csx
                                                                                                                                                                              • API String ID: 0-3464202224
                                                                                                                                                                              • Opcode ID: 93cfc6ddff1f66550a44d05eba94474368031723251ecf352bf9315ad051c848
                                                                                                                                                                              • Instruction ID: 956d1684dde1738cceb8f461ac82a96bb0c13c60d16894ec9d25dce998330f09
                                                                                                                                                                              • Opcode Fuzzy Hash: 93cfc6ddff1f66550a44d05eba94474368031723251ecf352bf9315ad051c848
                                                                                                                                                                              • Instruction Fuzzy Hash: 6BB12836A44615CFDF009E7CC8A93EF7BE2FB85724F24461AD510DB3D5CA3A9A099B40
                                                                                                                                                                              Function 0089CBD0 Relevance: 1.6, Strings: 1, Instructions: 319COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: R9#
                                                                                                                                                                              • API String ID: 0-2883767798
                                                                                                                                                                              • Opcode ID: cfb1ea93034f168698c61617c0e179533bd1c220913d151ac9e733e1343ca6ca
                                                                                                                                                                              • Instruction ID: 8df18440c44d4b4e843ba7b5fdf3e42622bff65562aedfc97f3dc94c7a775822
                                                                                                                                                                              • Opcode Fuzzy Hash: cfb1ea93034f168698c61617c0e179533bd1c220913d151ac9e733e1343ca6ca
                                                                                                                                                                              • Instruction Fuzzy Hash: E1B1B276A042198FCF049F7CC4956EE7FE2FB89354F29421AD856BB3A4C9365801CB90
                                                                                                                                                                              Function 008BBC92 Relevance: 1.6, Strings: 1, Instructions: 318COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: 0
                                                                                                                                                                              • API String ID: 0-4108050209
                                                                                                                                                                              • Opcode ID: 63792605a3c3d5d448ed7c1a54461632871376ce87600f141905d8a685a545d2
                                                                                                                                                                              • Instruction ID: a371662185867ceaf0afdcb3d195f7edac4c7cee5a74143a9ab36a304520ef4c
                                                                                                                                                                              • Opcode Fuzzy Hash: 63792605a3c3d5d448ed7c1a54461632871376ce87600f141905d8a685a545d2
                                                                                                                                                                              • Instruction Fuzzy Hash: 5CB1C070904A0A8BCB24CE68C995AFEBBB1FF44304F18061DE592D77A1CBB5EE45CB51
                                                                                                                                                                              Function 00886AF0 Relevance: 1.5, Strings: 1, Instructions: 280COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: ?\{
                                                                                                                                                                              • API String ID: 0-1873782291
                                                                                                                                                                              • Opcode ID: b779541d9656b4a4ab024f4c35bd7e3d2ccf796f210ea53ed539a564e08f1c84
                                                                                                                                                                              • Instruction ID: 072a8dae7b22bd94713f571aec9d9a529a9de69e21fb248b2d240fea5e855e9c
                                                                                                                                                                              • Opcode Fuzzy Hash: b779541d9656b4a4ab024f4c35bd7e3d2ccf796f210ea53ed539a564e08f1c84
                                                                                                                                                                              • Instruction Fuzzy Hash: 9091317AB45108CFCB04DF7CD9946EE7BF2FB88348F288119C441EB354EA3598169B94
                                                                                                                                                                              Function 008B90D4 Relevance: 1.5, APIs: 1, Instructions: 3COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              APIs
                                                                                                                                                                              • SetUnhandledExceptionFilter.KERNEL32(Function_000891FB), ref: 008B90D9
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ExceptionFilterUnhandled
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3192549508-0
                                                                                                                                                                              • Opcode ID: 3feefc6561c1af08ef66901450e245189240d5f71197534bf28d83ce36063aa7
                                                                                                                                                                              • Instruction ID: 69c7762139ccf8c2eb2b7237efc640b5d7a070a36fc05fb10d8219aae120dad4
                                                                                                                                                                              • Opcode Fuzzy Hash: 3feefc6561c1af08ef66901450e245189240d5f71197534bf28d83ce36063aa7
                                                                                                                                                                              • Instruction Fuzzy Hash:
                                                                                                                                                                              Function 0086CAB0 Relevance: 1.4, Strings: 1, Instructions: 151COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: DPu_
                                                                                                                                                                              • API String ID: 0-4027776784
                                                                                                                                                                              • Opcode ID: 942fe962b5dae82bcb915909b095b6820f2aff70bac31064e1157ffe36e55643
                                                                                                                                                                              • Instruction ID: b5aa10f4bd36285dabf2783d2f5ca8a0ef9e40ea67347169e274e594f76d9d9a
                                                                                                                                                                              • Opcode Fuzzy Hash: 942fe962b5dae82bcb915909b095b6820f2aff70bac31064e1157ffe36e55643
                                                                                                                                                                              • Instruction Fuzzy Hash: 0E51C376E011198FCB00CFBCD5A57EEBBF2FB49324F16421AD865A73D0D62A5D048BA1
                                                                                                                                                                              Function 0084DC60 Relevance: 1.4, Strings: 1, Instructions: 146COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: j+C
                                                                                                                                                                              • API String ID: 0-1395560066
                                                                                                                                                                              • Opcode ID: e6fd2459bc017413ea0a0f4fd569e3d39c6159e3ff04f3e44168dfeb298e2195
                                                                                                                                                                              • Instruction ID: 9fc5d1121fb5c28978e813f5559c91bdb801bed4098938c4fe399b656ed686ea
                                                                                                                                                                              • Opcode Fuzzy Hash: e6fd2459bc017413ea0a0f4fd569e3d39c6159e3ff04f3e44168dfeb298e2195
                                                                                                                                                                              • Instruction Fuzzy Hash: E141D1B2E406198BCB00CE7CC4947EE7BE6FB59324F250329C824EB3D0D66659088B91
                                                                                                                                                                              Function 00848100 Relevance: 1.4, Strings: 1, Instructions: 137COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: il:
                                                                                                                                                                              • API String ID: 0-1662848192
                                                                                                                                                                              • Opcode ID: f971c95c31d829d87cd745460b8fa2daa05065376a14ce2eabf01b98b2be091d
                                                                                                                                                                              • Instruction ID: 62cd72e3b280e2a084990d18c3a9e920e09df0ee32709784ea0b34c5e4e04a9b
                                                                                                                                                                              • Opcode Fuzzy Hash: f971c95c31d829d87cd745460b8fa2daa05065376a14ce2eabf01b98b2be091d
                                                                                                                                                                              • Instruction Fuzzy Hash: F641F476E44229CFDB04CE7CC4947EE7BF2FB49324F15021AD815A7391DA3B590A8B90
                                                                                                                                                                              Function 00888290 Relevance: 1.4, Strings: 1, Instructions: 136COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: }sZ1
                                                                                                                                                                              • API String ID: 0-4281124016
                                                                                                                                                                              • Opcode ID: 5104e8a5a2814bd3e7cbc1c17ad3ce2817868e79a4b63015dbcce70f8ecc2599
                                                                                                                                                                              • Instruction ID: 4bdfb836b8f16a1cb2922b669f64fbf5dd832af2f942f7b8ca9c28f5a4a1da06
                                                                                                                                                                              • Opcode Fuzzy Hash: 5104e8a5a2814bd3e7cbc1c17ad3ce2817868e79a4b63015dbcce70f8ecc2599
                                                                                                                                                                              • Instruction Fuzzy Hash: 1F417836A4051ACFCB00DE7CD8A17EF7BE1FB85364F65432AD420D7390CA2A59098F90
                                                                                                                                                                              Function 008BFB4D Relevance: 1.3, APIs: 1, Instructions: 5memoryCOMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: HeapProcess
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 54951025-0
                                                                                                                                                                              • Opcode ID: def1b392b9e820822d07e5dfbd4798b633b5105f22f1ae84c7842ef815d97875
                                                                                                                                                                              • Instruction ID: 50af7804925d1e3ac5c7f2f004ff294e832ccf521acb9a5a09ba9001fb3b0334
                                                                                                                                                                              • Opcode Fuzzy Hash: def1b392b9e820822d07e5dfbd4798b633b5105f22f1ae84c7842ef815d97875
                                                                                                                                                                              • Instruction Fuzzy Hash: 52A01130A032008B83088F30AB083083BAABA08280B08822AA000C22B0EA2888008A02
                                                                                                                                                                              Function 0085F0E0 Relevance: 1.0, Instructions: 952COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: aeeeab231b837a4ff67201bd624d74b4429786fd56008ce9c813fcbbc3e0a583
                                                                                                                                                                              • Instruction ID: 3c629d95db9d595ccc799bd8251aa28265d86faa62a21044863ca7a84de829d2
                                                                                                                                                                              • Opcode Fuzzy Hash: aeeeab231b837a4ff67201bd624d74b4429786fd56008ce9c813fcbbc3e0a583
                                                                                                                                                                              • Instruction Fuzzy Hash: 51826A79A00618CFCB04DFACD4956AEBBF2FB89310F24856AE905EB355DA31AC05DF41
                                                                                                                                                                              Function 008691F0 Relevance: .7, Instructions: 683COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 4fc59bed36ef831ffce038eae03532d965b38210e8f24e791217395d9cb38d40
                                                                                                                                                                              • Instruction ID: 8172cd1d37740a7d07495075cae55e7e79f7ca5a2c9bf781baeadb95caa97735
                                                                                                                                                                              • Opcode Fuzzy Hash: 4fc59bed36ef831ffce038eae03532d965b38210e8f24e791217395d9cb38d40
                                                                                                                                                                              • Instruction Fuzzy Hash: B2326C7AA00614DFCB04CFACC5A57EE7BF5FB89320F264219D445EB3A4DA35AC069B41
                                                                                                                                                                              Function 00861060 Relevance: .7, Instructions: 662COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: ec2d05bb21442d09a5375aa56086259f4b66584e732bcf8b3636c6f1537ad981
                                                                                                                                                                              • Instruction ID: eb48814c3ad00b15c0b239204fda3cb7b078fc5d1350cc60d2567df658172cf7
                                                                                                                                                                              • Opcode Fuzzy Hash: ec2d05bb21442d09a5375aa56086259f4b66584e732bcf8b3636c6f1537ad981
                                                                                                                                                                              • Instruction Fuzzy Hash: B3427D75E11208CFCB04CFACD89569DBBF2FB89314F198629E815EB355DB35A805CB81
                                                                                                                                                                              Function 008B5C10 Relevance: .6, Instructions: 591COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: fb82b1572f894829156c5dd15a6c2b5cc0c7d4934ffcd709028398122ae78fec
                                                                                                                                                                              • Instruction ID: 90412e28389008637c2091f10c73152f969d48a2ddf2a677e5983069e80f5ab9
                                                                                                                                                                              • Opcode Fuzzy Hash: fb82b1572f894829156c5dd15a6c2b5cc0c7d4934ffcd709028398122ae78fec
                                                                                                                                                                              • Instruction Fuzzy Hash: A2121636A14615CFCF04CE7CC9A47EE7BE2FB49324F295315C452EB3A4D62A9806DB60
                                                                                                                                                                              Function 00882350 Relevance: .6, Instructions: 551COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: a67c6c683a8e58879632a8fc601ab2e7e0e3d99b09050ca29ed3f5c7d7fad79a
                                                                                                                                                                              • Instruction ID: 55b3a98be016d1835bd9492e0cff5f72b8528a3bb0381552cf564367602192fd
                                                                                                                                                                              • Opcode Fuzzy Hash: a67c6c683a8e58879632a8fc601ab2e7e0e3d99b09050ca29ed3f5c7d7fad79a
                                                                                                                                                                              • Instruction Fuzzy Hash: 62120276A00215CFCB04DE7CD4A57EE7BF2FB49324F258219D851EB391DA3698069F50
                                                                                                                                                                              Function 0088F9A0 Relevance: .5, Instructions: 514COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 809d7e3fb9c2e5eeb5d352ce71320e3635a7f1c3c548ef45871003457e617dfa
                                                                                                                                                                              • Instruction ID: f8a68bfee14bf44cb22371f6f1b9942a01a326e1eee9aa52d27a5ea168523d82
                                                                                                                                                                              • Opcode Fuzzy Hash: 809d7e3fb9c2e5eeb5d352ce71320e3635a7f1c3c548ef45871003457e617dfa
                                                                                                                                                                              • Instruction Fuzzy Hash: D8029E75E046188FCF04EEBCD4956EEBBF2FB89320F284129E941EB355D6349C458B91
                                                                                                                                                                              Function 0089D350 Relevance: .5, Instructions: 502COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: f221e714d91ff3b5dd73f811275d658aace8e17a8aa64d04467592c7d3ac702a
                                                                                                                                                                              • Instruction ID: 73609e4f3a6940c49ad4fe2396d13731a99711f88daed3ef2f7b6250796b7365
                                                                                                                                                                              • Opcode Fuzzy Hash: f221e714d91ff3b5dd73f811275d658aace8e17a8aa64d04467592c7d3ac702a
                                                                                                                                                                              • Instruction Fuzzy Hash: 7C020436A442048FCF04DEBCD5946ED7BF2FB8A328F285219D852EB394D6399C059B58
                                                                                                                                                                              Function 00840130 Relevance: .5, Instructions: 488COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 59756381a80992b9124d965baebc99da9e818864751214c7df187fbd33446522
                                                                                                                                                                              • Instruction ID: 0c9119722682a5dba90dd8a9c3b351fbc4359248e5ebd840f78f42af56984051
                                                                                                                                                                              • Opcode Fuzzy Hash: 59756381a80992b9124d965baebc99da9e818864751214c7df187fbd33446522
                                                                                                                                                                              • Instruction Fuzzy Hash: C402AF76E05219CFCB04CFACD594A9EBBF2FB88304F248119E955EB364CA35A801DF91
                                                                                                                                                                              Function 0086D190 Relevance: .5, Instructions: 464COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: f7c28a7cdda9433a62ecd81d8cae646e83327e68df113f6e9aa44902e7100766
                                                                                                                                                                              • Instruction ID: ef63760fff3f6aa447714e42bc4f9ab58e55aea0b0a8cba99f676769020ab9d2
                                                                                                                                                                              • Opcode Fuzzy Hash: f7c28a7cdda9433a62ecd81d8cae646e83327e68df113f6e9aa44902e7100766
                                                                                                                                                                              • Instruction Fuzzy Hash: 76029B76E006198FCB04CFACD4A5ADEBBF2FB89310F268155D901EB364D635AC069F91
                                                                                                                                                                              Function 008B2970 Relevance: .4, Instructions: 450COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: dd569ca6f0c223ceff2c229e39e1480c5c351bf78d367eba955d357260aae7d3
                                                                                                                                                                              • Instruction ID: 411a1f739111bac692ca0bd4e9e46e910d964f4f6a3be3ae5d978b76ac994385
                                                                                                                                                                              • Opcode Fuzzy Hash: dd569ca6f0c223ceff2c229e39e1480c5c351bf78d367eba955d357260aae7d3
                                                                                                                                                                              • Instruction Fuzzy Hash: 6DE15776A04119CFCB04CEBCD4A57EE7BF2FB85330F285219D455EB394DA3A980A9B50
                                                                                                                                                                              Function 00842A20 Relevance: .4, Instructions: 433COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: eeb27034af286806b5a07bcf6cd1b215132d5e0964acba48fc5601a359ad95ee
                                                                                                                                                                              • Instruction ID: 0f1d419675403b0ab6f7a2aa123cc9f17504f1375501d160ae8cb05a5f687194
                                                                                                                                                                              • Opcode Fuzzy Hash: eeb27034af286806b5a07bcf6cd1b215132d5e0964acba48fc5601a359ad95ee
                                                                                                                                                                              • Instruction Fuzzy Hash: DCE11336A14A19CFCB00CE7CD8A47DE7BF2F759324F694215E810EB794DA36980A9F40
                                                                                                                                                                              Function 008A4CA0 Relevance: .4, Instructions: 432COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 94f1bd6d38537fd0c63e829a3bf47a01cdfda28ee3e405e986b8cfa6acc296a1
                                                                                                                                                                              • Instruction ID: 400daf07a647a2984189dbff5945ff4d2dc8dcd07c296993da7b294701d1b5c0
                                                                                                                                                                              • Opcode Fuzzy Hash: 94f1bd6d38537fd0c63e829a3bf47a01cdfda28ee3e405e986b8cfa6acc296a1
                                                                                                                                                                              • Instruction Fuzzy Hash: FCE10F36E002048FDF04CEBCD5A43EE7BF2FB86324F259119D455EB791DA7AA8098B50
                                                                                                                                                                              Function 0084FD00 Relevance: .4, Instructions: 426COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 7ee32b98a11af1b05f9e128b0d24dde7e5bf9ed59d4267b41a64394f98c2f3f2
                                                                                                                                                                              • Instruction ID: 470d53462a7e73669f8673e2338fb78af72e906082b165ca809b7cacd993c59e
                                                                                                                                                                              • Opcode Fuzzy Hash: 7ee32b98a11af1b05f9e128b0d24dde7e5bf9ed59d4267b41a64394f98c2f3f2
                                                                                                                                                                              • Instruction Fuzzy Hash: 5BE10E76A04609CFCB04CFBCD9A47EE7BF2FB84329F244229D941EB355DA3598098B45
                                                                                                                                                                              Function 0089FDD0 Relevance: .4, Instructions: 423COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: fc15c14ac315d38a150d5867a2466195648ca4502226b0ad7239476ba86898b9
                                                                                                                                                                              • Instruction ID: f5428d07510c4ad70a1698cc91a647f22034c909ea3a4078039592c397d843e7
                                                                                                                                                                              • Opcode Fuzzy Hash: fc15c14ac315d38a150d5867a2466195648ca4502226b0ad7239476ba86898b9
                                                                                                                                                                              • Instruction Fuzzy Hash: 53E11F36A002048FDB08CE7CD5A47EE77E2FB8A325F298229D541DF7A1C63699069F50
                                                                                                                                                                              Function 0084CA40 Relevance: .4, Instructions: 417COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 6b0cb9d47e61db43b4c2588c7789ab2c888c48b33aa946b8f8c576fe64cf9816
                                                                                                                                                                              • Instruction ID: 25ddbf33162d309835c90eee4042d8df0ba032c444a322ed9bfbb7d88f350f0e
                                                                                                                                                                              • Opcode Fuzzy Hash: 6b0cb9d47e61db43b4c2588c7789ab2c888c48b33aa946b8f8c576fe64cf9816
                                                                                                                                                                              • Instruction Fuzzy Hash: 4AE1E376A42109CFCB04CFBCD4A57EEBBF6FB85314F24812AD441EB354CA3A99069B50
                                                                                                                                                                              Function 0084EBB0 Relevance: .4, Instructions: 413COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 7de12be28e32ce78e6b2f87409bf63fe82e6ecbb600f85d3dc53a98079580db4
                                                                                                                                                                              • Instruction ID: d47520cc5e1e624bba032675d1ee97fc2e7503c6831d031b8577e08bbaca3b41
                                                                                                                                                                              • Opcode Fuzzy Hash: 7de12be28e32ce78e6b2f87409bf63fe82e6ecbb600f85d3dc53a98079580db4
                                                                                                                                                                              • Instruction Fuzzy Hash: 79D1B136A0421DCFCF08CEBCC5957EE7BE2FB85318F25462AC501EB396DA3598468B54
                                                                                                                                                                              Function 0086D8B0 Relevance: .4, Instructions: 409COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: ae821b508445072f41b90f03951c9978bd5fec86bc357adf4bf60be634d8c655
                                                                                                                                                                              • Instruction ID: 0ba35b5c82b84d32ddfb570ffe6b61adc3c468843d1a15317e3c527c4650deee
                                                                                                                                                                              • Opcode Fuzzy Hash: ae821b508445072f41b90f03951c9978bd5fec86bc357adf4bf60be634d8c655
                                                                                                                                                                              • Instruction Fuzzy Hash: 76E19176E002188FCB04DFBCD5952DEBBF2FB84310F26462AD855AB355D6359D05CB81
                                                                                                                                                                              Function 00891020 Relevance: .4, Instructions: 404COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 46e0293e633275305f8b41895c0c6180a42fb1f48bd7e0f35827c37402ec8a2b
                                                                                                                                                                              • Instruction ID: 0520dc0012c3b4d458467ec2f1d91ff50a231e7f3f757165d60f943b0c63d999
                                                                                                                                                                              • Opcode Fuzzy Hash: 46e0293e633275305f8b41895c0c6180a42fb1f48bd7e0f35827c37402ec8a2b
                                                                                                                                                                              • Instruction Fuzzy Hash: 16D12376A081068FCF01CEBCD9983ED7BE2FB89324F2A5116D851EB395C2369C099F50
                                                                                                                                                                              Function 00872350 Relevance: .4, Instructions: 402COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 092d0517cf5cb1a1ee785652ceebc40084d3ca8fd8893fa3f993433a762f9b14
                                                                                                                                                                              • Instruction ID: 501223515a3f1a2a6ef4f8592462e7677b266e10ad129097051af1ac846a266e
                                                                                                                                                                              • Opcode Fuzzy Hash: 092d0517cf5cb1a1ee785652ceebc40084d3ca8fd8893fa3f993433a762f9b14
                                                                                                                                                                              • Instruction Fuzzy Hash: 89F17C75E012088FCB04CFA8D5956ADBBF2FB88304F24816AD415AB359DB39AC06CF95
                                                                                                                                                                              Function 0083C960 Relevance: .4, Instructions: 388COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 8112817ed0cdf4a8aa694df2d6dce9cd5d8eb04b169bbb5173c22fbc1db67f40
                                                                                                                                                                              • Instruction ID: e2946dbea6dde1a5510417d377de0351deda2850842b9995bd681d21c3c8fb94
                                                                                                                                                                              • Opcode Fuzzy Hash: 8112817ed0cdf4a8aa694df2d6dce9cd5d8eb04b169bbb5173c22fbc1db67f40
                                                                                                                                                                              • Instruction Fuzzy Hash: F0D19F76E002098FCB04CF7CD5957EEBBF2FB89310F158629D441EB355DA39A8068B91
                                                                                                                                                                              Function 00857100 Relevance: .4, Instructions: 363COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 248787a4171c6fd0e2c0725d81f1d97699d094c47a04569b928c017d32dba0a1
                                                                                                                                                                              • Instruction ID: f02aba005107e19e5c5952b0abf10fa0ec08a8a3263e06fe8a0d155b19e55276
                                                                                                                                                                              • Opcode Fuzzy Hash: 248787a4171c6fd0e2c0725d81f1d97699d094c47a04569b928c017d32dba0a1
                                                                                                                                                                              • Instruction Fuzzy Hash: 7DC11476A446148FCB04CE7CE4A57EE7BE2FB59331F258219DC11EB390E636990D8B50
                                                                                                                                                                              Function 0084D470 Relevance: .4, Instructions: 363COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 8c9bc623e12eacb5104dc231c0e21d8b53c54521d722af830d82527fa83bb2e3
                                                                                                                                                                              • Instruction ID: f151b1253d1cff8c7cb55ef3aa81072b65b1a1b7762b86b11309ff6dd849fe9f
                                                                                                                                                                              • Opcode Fuzzy Hash: 8c9bc623e12eacb5104dc231c0e21d8b53c54521d722af830d82527fa83bb2e3
                                                                                                                                                                              • Instruction Fuzzy Hash: DBC12476A01719CFCB00CE7CD5A07EE7BF2F789324F264226D411EB395DA3A98099B54
                                                                                                                                                                              Function 00846590 Relevance: .4, Instructions: 363COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: fbd6e467e147810f58ba92ec7d65f7e39a1d230cad4c22ba4c2309d970be40a0
                                                                                                                                                                              • Instruction ID: f795ef052f6786481b386dfd122cf3dda4e5d507c79bc7567597dd1a0f1040f1
                                                                                                                                                                              • Opcode Fuzzy Hash: fbd6e467e147810f58ba92ec7d65f7e39a1d230cad4c22ba4c2309d970be40a0
                                                                                                                                                                              • Instruction Fuzzy Hash: 06C13976A00618CFCF04CEBCD4A57DE7BE2FB46324F26421AD415EB391EA3A9D058B41
                                                                                                                                                                              Function 00876C00 Relevance: .4, Instructions: 355COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 009a6c631ad4e7f144eddaab005b60dc8e69c08b271480476b741b7194ae3255
                                                                                                                                                                              • Instruction ID: 837faa4f1c721bd3e7021841c8628ba9e4e09dff21c2a0002459286dfcec1d81
                                                                                                                                                                              • Opcode Fuzzy Hash: 009a6c631ad4e7f144eddaab005b60dc8e69c08b271480476b741b7194ae3255
                                                                                                                                                                              • Instruction Fuzzy Hash: 87C11876A045158FDF00CB7CC4A57EE7BF1FB84324F25822AC545EB3A5DA3AD8059B90
                                                                                                                                                                              Function 0084E1C0 Relevance: .3, Instructions: 347COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: f110d66392967c42ee008b961d38f692a240a89e820d4f999a226418dfe8a0e8
                                                                                                                                                                              • Instruction ID: 99355fbd390fe74f40c8db3d7aba963941fb473521c002eb95d62dcbff551d34
                                                                                                                                                                              • Opcode Fuzzy Hash: f110d66392967c42ee008b961d38f692a240a89e820d4f999a226418dfe8a0e8
                                                                                                                                                                              • Instruction Fuzzy Hash: 95C12476E0021D8FCB00CEBCD5947DE7BF6FBA9324F2A5215D411EB390D67A98098B54
                                                                                                                                                                              Function 0085DBB0 Relevance: .3, Instructions: 347COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 8592e81c97b75be9e8bc21d98ae180560e11f410a7d972ad23c75bdf7449f39b
                                                                                                                                                                              • Instruction ID: 5261c6d86fd968f17e54506492f9d0c518d97c37cdc8936f7bb077288431135f
                                                                                                                                                                              • Opcode Fuzzy Hash: 8592e81c97b75be9e8bc21d98ae180560e11f410a7d972ad23c75bdf7449f39b
                                                                                                                                                                              • Instruction Fuzzy Hash: 50C1F176A006148FCF04CE7CD8A57EE7BF2FB89325F29521ADC11AB394DA765D098B40
                                                                                                                                                                              Function 008A7840 Relevance: .3, Instructions: 341COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 8adddcd385604743f9aaa9e9207c92f5b4e9112c365d39ce5411ec094b0c3acd
                                                                                                                                                                              • Instruction ID: b19d30ab34f66638b8fb704e1359a07ad9ae9554e5758e503129ecb7c403d0e3
                                                                                                                                                                              • Opcode Fuzzy Hash: 8adddcd385604743f9aaa9e9207c92f5b4e9112c365d39ce5411ec094b0c3acd
                                                                                                                                                                              • Instruction Fuzzy Hash: E0B14A76E081148FDF04CF7CC9543EE7BE2F78A324F19021AC951EB791CA3A5846AB95
                                                                                                                                                                              Function 0087C050 Relevance: .3, Instructions: 341COMMONLIBRARYCODE
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: e5c8cdf058899255c7373565fb3809321e316b5ec56f275b20758615d6d9c24b
                                                                                                                                                                              • Instruction ID: 695f67fad0d72b19d3bd5f3f481735a9c1a45e059ad0dfdd40331aa7736cbdf5
                                                                                                                                                                              • Opcode Fuzzy Hash: e5c8cdf058899255c7373565fb3809321e316b5ec56f275b20758615d6d9c24b
                                                                                                                                                                              • Instruction Fuzzy Hash: E2B10836A14108CFDF049E7CD8953EE7BF2FB89314F15822EC815F7399CA2698059B95
                                                                                                                                                                              Function 00840AA0 Relevance: .3, Instructions: 338COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 180444484a907466aa1d9297f204565f0b398a205e74906d12ce6edb10a96669
                                                                                                                                                                              • Instruction ID: dc2b173fa6a78bfb175a99a6b853829204f87f4ad35e383386a761691949a20f
                                                                                                                                                                              • Opcode Fuzzy Hash: 180444484a907466aa1d9297f204565f0b398a205e74906d12ce6edb10a96669
                                                                                                                                                                              • Instruction Fuzzy Hash: 9CB14576A55608CFCB00CEBCD4A47EF7BE2FB88364F244629D911EB394CA3A58058F14
                                                                                                                                                                              Function 0086E160 Relevance: .3, Instructions: 335COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 07e60a7641dc4c29998f4b775cc5a0904781240a4720cef262d7c56808f1bcf9
                                                                                                                                                                              • Instruction ID: 8857f6b609e599fbea26b3502bd075229aeb4c3abb5bc8c97fbd656930e375ac
                                                                                                                                                                              • Opcode Fuzzy Hash: 07e60a7641dc4c29998f4b775cc5a0904781240a4720cef262d7c56808f1bcf9
                                                                                                                                                                              • Instruction Fuzzy Hash: 44C1453AA05109CFCB04CEBCD9956ED7BF2FB99344F26821AE811EB758DA348905DF11
                                                                                                                                                                              Function 00887880 Relevance: .3, Instructions: 332COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 955556f0c943ad5a9811d21d50f490f707652aec2c6c2eb2bf99162b66f3ccad
                                                                                                                                                                              • Instruction ID: c31e053cdb87e0d0c9579ae8b68678d52553132e4de4e3cc476beb11355ded47
                                                                                                                                                                              • Opcode Fuzzy Hash: 955556f0c943ad5a9811d21d50f490f707652aec2c6c2eb2bf99162b66f3ccad
                                                                                                                                                                              • Instruction Fuzzy Hash: 1BB11272A14115CFCB04EEBCD8A87EE7BF2FB85320F254519D815AB394DA369C059B80
                                                                                                                                                                              Function 0083EDE0 Relevance: .3, Instructions: 322COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 4bdc8313e239b44e8ea23970100afb341f09aa22ce75bc8de9f630d388a3787a
                                                                                                                                                                              • Instruction ID: d3f37671556a0101cbd16ee25b62336116f020ba18f1ab35861c774a0b54e1e3
                                                                                                                                                                              • Opcode Fuzzy Hash: 4bdc8313e239b44e8ea23970100afb341f09aa22ce75bc8de9f630d388a3787a
                                                                                                                                                                              • Instruction Fuzzy Hash: 68B1F576A44119CFCF04CEBCD5947EE7BF1FB89324F254229D911EB395CA3A98058B90
                                                                                                                                                                              Function 0089B8A0 Relevance: .3, Instructions: 315COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 9f050bbadc7df10d4bd86ae2252178e02c5151d8961d9db49aded2978e2f285b
                                                                                                                                                                              • Instruction ID: 23415fd2e2336f792d4e347383e103de6f6f009e2f68ad5c38f8e7491e2afb3e
                                                                                                                                                                              • Opcode Fuzzy Hash: 9f050bbadc7df10d4bd86ae2252178e02c5151d8961d9db49aded2978e2f285b
                                                                                                                                                                              • Instruction Fuzzy Hash: 65B1F076A012088FCF04DEBCE6956ED7BF2FB89314F288629D452EB354DA369C05CB54
                                                                                                                                                                              Function 00896A60 Relevance: .3, Instructions: 312COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 4fef0ed44d8f8e7927e9445a25919b35f7c4811e8853fbc9f31aac7189eba965
                                                                                                                                                                              • Instruction ID: c7fa06f6e9c98eb22d51e5514f00f18ae2f79a8575782d0c827c0d2c48ad4800
                                                                                                                                                                              • Opcode Fuzzy Hash: 4fef0ed44d8f8e7927e9445a25919b35f7c4811e8853fbc9f31aac7189eba965
                                                                                                                                                                              • Instruction Fuzzy Hash: 3FA1E536A041158FCF04DE7CC9A43EE7BF6FB49374F294215D461EB3A0E63A98099B54
                                                                                                                                                                              Function 00855250 Relevance: .3, Instructions: 311COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 485015dcb906a58b44007790afe2dfd2bf162bde8db8b4d6cc0fb2d0aafc62b0
                                                                                                                                                                              • Instruction ID: 3185a5da4e57e96c6e5a697c5abfb828449f33cc034852c1470d7544b6f03ad3
                                                                                                                                                                              • Opcode Fuzzy Hash: 485015dcb906a58b44007790afe2dfd2bf162bde8db8b4d6cc0fb2d0aafc62b0
                                                                                                                                                                              • Instruction Fuzzy Hash: 56A14776A44A05CFCB008E7CC8B43DE7BE2F755323F695216C815EB390DA26990E9B10
                                                                                                                                                                              Function 00891910 Relevance: .3, Instructions: 310COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: ec5c64ce9820f68065f29ba4d6a44539eff410fa5ae832df7d851d8ad93abe62
                                                                                                                                                                              • Instruction ID: 354f092d6e0421cc703687c4cd99050114a4426e0be8172ae39f82943be22d89
                                                                                                                                                                              • Opcode Fuzzy Hash: ec5c64ce9820f68065f29ba4d6a44539eff410fa5ae832df7d851d8ad93abe62
                                                                                                                                                                              • Instruction Fuzzy Hash: 0DA1F236B486168FCF049E7CC9A83DE7BF2FB85324F2D5219C451EB394D62A9D098B50
                                                                                                                                                                              Function 008B63F0 Relevance: .3, Instructions: 310COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: de04748863ce42152c6fe64fc150059d6231bf9194519d95a1a3d4fc7084c83c
                                                                                                                                                                              • Instruction ID: aa564249b506cf3ffc5506061ae3a5049f3181cec8fe200f3bdadaa4ba3d7ecf
                                                                                                                                                                              • Opcode Fuzzy Hash: de04748863ce42152c6fe64fc150059d6231bf9194519d95a1a3d4fc7084c83c
                                                                                                                                                                              • Instruction Fuzzy Hash: 4AA13636A40619CFCB00CE7CC4A47EE3BE6F745334F285329C410EB794EA2E98599B54
                                                                                                                                                                              Function 0087D070 Relevance: .3, Instructions: 309COMMONLIBRARYCODE
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 0e709fd7080d6b306a3d009931976b3de82d6bc5fd0f91decf472a41935d45de
                                                                                                                                                                              • Instruction ID: 2fecb15c86b874834e8616affd4c3e2d7772f126d41ecf04436553b80c2d314a
                                                                                                                                                                              • Opcode Fuzzy Hash: 0e709fd7080d6b306a3d009931976b3de82d6bc5fd0f91decf472a41935d45de
                                                                                                                                                                              • Instruction Fuzzy Hash: 6FA1F736A41215CFCB04CE7CC9957EE7BF1FF49324F298215C415EB3A4DA26D8059BA4
                                                                                                                                                                              Function 00878470 Relevance: .3, Instructions: 308COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: f32091e26ea52ed32d19fea0ea04e49a005f9d269bd62be3eb2e02522705f6d7
                                                                                                                                                                              • Instruction ID: f95ad0e6bb0d94c053796994ca83ff0f44a93d1e8c14b9fe17969b5c43e31ba1
                                                                                                                                                                              • Opcode Fuzzy Hash: f32091e26ea52ed32d19fea0ea04e49a005f9d269bd62be3eb2e02522705f6d7
                                                                                                                                                                              • Instruction Fuzzy Hash: A4B10776A54214CFCB04CFBCD8986EE7BF1FB49364F288216D815EB398CA39D8058B54
                                                                                                                                                                              Function 008855D0 Relevance: .3, Instructions: 308COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 6884f3c808edfb46ccd6ba68adec5a5836d11509b9835be1235d8f819dfdbb1d
                                                                                                                                                                              • Instruction ID: 26f1ef12e6e8e2f82a988d2750ea4a5acafecbc3b3808f4b3878417e6fd42d51
                                                                                                                                                                              • Opcode Fuzzy Hash: 6884f3c808edfb46ccd6ba68adec5a5836d11509b9835be1235d8f819dfdbb1d
                                                                                                                                                                              • Instruction Fuzzy Hash: B2A13636A40519CFCF04DE7CD8A53EE7BF2F755324F28521AC801EB399DA76980A9B50
                                                                                                                                                                              Function 0087D490 Relevance: .3, Instructions: 305COMMONLIBRARYCODE
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 4b663dec6ff5061bcd9197ae02f8bafe0cba316d34296de3bcc72f8c56935125
                                                                                                                                                                              • Instruction ID: 381b87c26d247bf1f007203fc9525e3b425162ff5463fb4d4cd288e8bed149bb
                                                                                                                                                                              • Opcode Fuzzy Hash: 4b663dec6ff5061bcd9197ae02f8bafe0cba316d34296de3bcc72f8c56935125
                                                                                                                                                                              • Instruction Fuzzy Hash: 51A1E376A40215CFCB048E7CC8543EE7BF1FF89324F298629C555AB398DA3AD8059B50
                                                                                                                                                                              Function 008B1C40 Relevance: .3, Instructions: 299COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 333edf21acd18693f1f194dd5bc706480c0a460d7bfb06e93eaf788f2ee04f92
                                                                                                                                                                              • Instruction ID: 244ce21fc9fe3534832bdc2bcc142ccd86b6a5849c9e133c133957b70a38940d
                                                                                                                                                                              • Opcode Fuzzy Hash: 333edf21acd18693f1f194dd5bc706480c0a460d7bfb06e93eaf788f2ee04f92
                                                                                                                                                                              • Instruction Fuzzy Hash: B7A1CF76E842098FCF04CFACD5A46EDBBF2FB88350F688116D841EB354D6359806DB91
                                                                                                                                                                              Function 00854C40 Relevance: .3, Instructions: 295COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: f49a292f92ec2a50c4faf64cc7bbae2754936ef4ea092311f7e5453982127285
                                                                                                                                                                              • Instruction ID: bd156f418c1b482a538dc54ef4866a9db3dd1bde47120d5aa7c459fe1bb9d22a
                                                                                                                                                                              • Opcode Fuzzy Hash: f49a292f92ec2a50c4faf64cc7bbae2754936ef4ea092311f7e5453982127285
                                                                                                                                                                              • Instruction Fuzzy Hash: 68A1DF76A05109CFCB04CFBCE9956EEBBF2FB88319F24511AD801EB354CA369D498B50
                                                                                                                                                                              Function 00887270 Relevance: .3, Instructions: 294COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: c3305d51785bb31f24de96ac935d4032f0812269239bd906201a4958d3f2cd7f
                                                                                                                                                                              • Instruction ID: 3a4889d36b687db1580e1bb6a852e16c0efa3157b06b759d475792d047bd2323
                                                                                                                                                                              • Opcode Fuzzy Hash: c3305d51785bb31f24de96ac935d4032f0812269239bd906201a4958d3f2cd7f
                                                                                                                                                                              • Instruction Fuzzy Hash: 59A10336A086158FCF00DE7CC9A53DD7BF2F758364F394219D411EB3A4DA2AD909AB50
                                                                                                                                                                              Function 0087F400 Relevance: .3, Instructions: 294COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: daf99572d33b4a9145be2db76673d99598e0d4c062dcd38597278098ad90810d
                                                                                                                                                                              • Instruction ID: 94c1a32d7a036feadae5da43991840c956035b02a7c3db0068c841c871652f1f
                                                                                                                                                                              • Opcode Fuzzy Hash: daf99572d33b4a9145be2db76673d99598e0d4c062dcd38597278098ad90810d
                                                                                                                                                                              • Instruction Fuzzy Hash: E1A10676A40104CFCB04CE7DC9947DD7BE2F799364F298226C619EB3E9CA26D9059F10
                                                                                                                                                                              Function 0087CCA0 Relevance: .3, Instructions: 278COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 461d9904c56b777bff39f858fe12107e72e3491c7987d169e3356a1a7b516008
                                                                                                                                                                              • Instruction ID: 416e250707416d23680ee4fc7029df8870e08aa727fa455a4169fdb058795e6e
                                                                                                                                                                              • Opcode Fuzzy Hash: 461d9904c56b777bff39f858fe12107e72e3491c7987d169e3356a1a7b516008
                                                                                                                                                                              • Instruction Fuzzy Hash: 8C910636A15209CFCB04CE7CC9943ED7BF1FB89354F29961AC804EB358DA36D9069B60
                                                                                                                                                                              Function 008A24B0 Relevance: .3, Instructions: 278COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 8f0e767be2552c12c6f9b2cd7d592aa1dfce9599103214538153fe45dbc263de
                                                                                                                                                                              • Instruction ID: 5020bdf75dbe70b9b0135bb811f82d30fbc62cdc5786a09d9440a4a5f4fd477b
                                                                                                                                                                              • Opcode Fuzzy Hash: 8f0e767be2552c12c6f9b2cd7d592aa1dfce9599103214538153fe45dbc263de
                                                                                                                                                                              • Instruction Fuzzy Hash: 16912536F04114CFEF18CE7CC9A57DD7BE2F74A354F285229D851EBB90CA2989059B50
                                                                                                                                                                              Function 00855950 Relevance: .3, Instructions: 273COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 0419f8606edf66e1efa15d1a255f6eb2079b8607cb566d89a3bce7b6c37afad1
                                                                                                                                                                              • Instruction ID: dd8c58bfe670b44e4e10d3c7ad9b15c41ad0cf0f9c1d28c2cc0fae42831ee61c
                                                                                                                                                                              • Opcode Fuzzy Hash: 0419f8606edf66e1efa15d1a255f6eb2079b8607cb566d89a3bce7b6c37afad1
                                                                                                                                                                              • Instruction Fuzzy Hash: BF91DF32A04619CFCB08CBBCD5A8AED7BF1FB48315F24812ADC46EB350CA359D099B54
                                                                                                                                                                              Function 0085CA50 Relevance: .3, Instructions: 267COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 26b73ba31737c51ebd689fd115d03457495c06f524a8f93472a8045293cbff82
                                                                                                                                                                              • Instruction ID: 7a449af26432be58f9746e891894c6551db1e07faf18bd084a9aa4c3276b772c
                                                                                                                                                                              • Opcode Fuzzy Hash: 26b73ba31737c51ebd689fd115d03457495c06f524a8f93472a8045293cbff82
                                                                                                                                                                              • Instruction Fuzzy Hash: D3A13EB5E003088FCB04DFA9D4815DEBBF6FF89320F258229D859AB391D635A945CF91
                                                                                                                                                                              Function 008A4400 Relevance: .3, Instructions: 262COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: eb0c7468115e358d2c79c1240e39e29075b11f728275943553a467cc8cc0dd79
                                                                                                                                                                              • Instruction ID: eb905db08f33c1e2eec5681b7c734add8e25115e14182b3c4e97a9bacac404a7
                                                                                                                                                                              • Opcode Fuzzy Hash: eb0c7468115e358d2c79c1240e39e29075b11f728275943553a467cc8cc0dd79
                                                                                                                                                                              • Instruction Fuzzy Hash: 6A914436B45109CFEF048EBCC8542DD7BE2FBCA315F286225C841EBB55C7B989068B65
                                                                                                                                                                              Function 0086B140 Relevance: .2, Instructions: 250COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 5e07a83d338e451cd628196a4f49cb7f52ac70efc31839c1863e26dde0132c1a
                                                                                                                                                                              • Instruction ID: 8fc56ae5c8d4663bed107b74ee11eb04aa2f625fe8200b88d59fe90a7c832e3c
                                                                                                                                                                              • Opcode Fuzzy Hash: 5e07a83d338e451cd628196a4f49cb7f52ac70efc31839c1863e26dde0132c1a
                                                                                                                                                                              • Instruction Fuzzy Hash: 22916AB5A012059FCB04CF6CC89169EBBF6FB8E324F254229E555EB390C7366845CF90
                                                                                                                                                                              Function 00841AF0 Relevance: .2, Instructions: 232COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 85cc1620eb60be763bc40ba01e55570cd18eaa7f079410a3bf09ccb0af94a2af
                                                                                                                                                                              • Instruction ID: 4c13870f418bc7fde5148ddf3bb2ecdf036a8740bf6d27a5c1c4898f542d1bdf
                                                                                                                                                                              • Opcode Fuzzy Hash: 85cc1620eb60be763bc40ba01e55570cd18eaa7f079410a3bf09ccb0af94a2af
                                                                                                                                                                              • Instruction Fuzzy Hash: E981C0B5E042089FCB00DFBCD8856DEBFF5FB49320F104629E815EB394DA3699058B92
                                                                                                                                                                              Function 008A2880 Relevance: .2, Instructions: 218COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: fbb08a0130f389bc7e6ef722934d3d27805fa6134f8591aa2c7b2cac0f9f7599
                                                                                                                                                                              • Instruction ID: 296b355dc24dc4b74da93fd55478bbcd1ca93cf88b98d4278850b2a0b284210a
                                                                                                                                                                              • Opcode Fuzzy Hash: fbb08a0130f389bc7e6ef722934d3d27805fa6134f8591aa2c7b2cac0f9f7599
                                                                                                                                                                              • Instruction Fuzzy Hash: DD81ADB5E052088FDB04DFBCD4556EEBBF2FB89310F14422EE455AB395CA359805CB91
                                                                                                                                                                              Function 00864400 Relevance: .2, Instructions: 214COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 19fa32ebdd1ddc4bd615a07033ec95097ef244ecd074d5538b3ed84f3b58e4df
                                                                                                                                                                              • Instruction ID: 3130c66bd7613b94755ad06f6caea2cd790a9e39c52aa0c2344a28554fff1090
                                                                                                                                                                              • Opcode Fuzzy Hash: 19fa32ebdd1ddc4bd615a07033ec95097ef244ecd074d5538b3ed84f3b58e4df
                                                                                                                                                                              • Instruction Fuzzy Hash: A271D4B5E002048BDF04EFBCD4957EE7BF2FB89314F254A29D811A7391DA365905CB92
                                                                                                                                                                              Function 00867B30 Relevance: .2, Instructions: 208COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 73947747b99112ff27a14d0c6ecb75dad759178b0bc653ea2497769821198e5a
                                                                                                                                                                              • Instruction ID: d86c6810114460928531584877737fd8b042ffac1c75c4747744e065afaa6dea
                                                                                                                                                                              • Opcode Fuzzy Hash: 73947747b99112ff27a14d0c6ecb75dad759178b0bc653ea2497769821198e5a
                                                                                                                                                                              • Instruction Fuzzy Hash: FB71BFB5E092199FCB00DFACD4916EEBFF5FF49324F26462AD858E7340C63658058B92
                                                                                                                                                                              Function 0087BAD0 Relevance: .2, Instructions: 207COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: fdd849dfe3512a785fd48b33793e729ed1b6cd0997d425f8aa1462dd2a840602
                                                                                                                                                                              • Instruction ID: ee075bc45c044c54668dcb5ccc783a64ceb0232a198464a4c2e9b63f7ef19e4a
                                                                                                                                                                              • Opcode Fuzzy Hash: fdd849dfe3512a785fd48b33793e729ed1b6cd0997d425f8aa1462dd2a840602
                                                                                                                                                                              • Instruction Fuzzy Hash: 4E718CB6E112098FCB01CFACD4817DEBBF6FB89324F258215D818EB355D636A9058F91
                                                                                                                                                                              Function 0087FB90 Relevance: .2, Instructions: 207COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 49f76309ad2cc556c7eb79651327cfee056ac7e5597d339d276d3fba30f1efa4
                                                                                                                                                                              • Instruction ID: 9743880707fe09f2abab1d0b870a09057f496460009dd7e5673f06720c6965f8
                                                                                                                                                                              • Opcode Fuzzy Hash: 49f76309ad2cc556c7eb79651327cfee056ac7e5597d339d276d3fba30f1efa4
                                                                                                                                                                              • Instruction Fuzzy Hash: 49717EB5E002098FCB00DF7CD4916DEBBF1FB49324F254629D915AB3A1D636A909CF81
                                                                                                                                                                              Function 00898390 Relevance: .2, Instructions: 207COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 70528e0f2630b670f5586ad4c7b13bd8436be6d16460dc82c892755620f201a9
                                                                                                                                                                              • Instruction ID: 6179777091f13997f381b0b3040bcb9f9d4a2800648bfd69f07f0de6c7771c1a
                                                                                                                                                                              • Opcode Fuzzy Hash: 70528e0f2630b670f5586ad4c7b13bd8436be6d16460dc82c892755620f201a9
                                                                                                                                                                              • Instruction Fuzzy Hash: 737182B5E01205DFCF00DF7CD4856DEBBF1FB4A324F194229D855AB390DA36A8058B81
                                                                                                                                                                              Function 00860920 Relevance: .2, Instructions: 206COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 6b1f2fa5f9de07ac81f3d65dfc2c5727ee034e4df4f3dbe3149be6b643ada28a
                                                                                                                                                                              • Instruction ID: 8e3a5c9cbacb9abb8d44db1311f3d37a170b10f26e102bcebd44eb32102d2901
                                                                                                                                                                              • Opcode Fuzzy Hash: 6b1f2fa5f9de07ac81f3d65dfc2c5727ee034e4df4f3dbe3149be6b643ada28a
                                                                                                                                                                              • Instruction Fuzzy Hash: BC71D2B5E042088FDB00DF6CD4816DFBBF6FB89324F26822AD415A73A1DA365905CF95
                                                                                                                                                                              Function 008AA950 Relevance: .2, Instructions: 205COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: c6cec2df61efb2a77f058a84e7db2eba1be0bb2cf9a084a02f69db625452fd3c
                                                                                                                                                                              • Instruction ID: 91878345458b9cce917d86a8b53e960bc230c0c8c9899f741cc57484d79906a0
                                                                                                                                                                              • Opcode Fuzzy Hash: c6cec2df61efb2a77f058a84e7db2eba1be0bb2cf9a084a02f69db625452fd3c
                                                                                                                                                                              • Instruction Fuzzy Hash: 9671CCB5E002188FDB08DFB8D4917EEBBF1FB4A320F11812AD855AB751D6365905CF92
                                                                                                                                                                              Function 0084ABC0 Relevance: .2, Instructions: 194COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: ad774f591298137877aa688b4ef14e9806c5a509815c5739b0566ae98a5e9036
                                                                                                                                                                              • Instruction ID: 7a218f4838ba083d545aa83eec454949e15b2ab8a1be9f55470975fcc925bcf3
                                                                                                                                                                              • Opcode Fuzzy Hash: ad774f591298137877aa688b4ef14e9806c5a509815c5739b0566ae98a5e9036
                                                                                                                                                                              • Instruction Fuzzy Hash: C061C175E402198FCB04DFACD4913EEBBF6FB89320F15422AD854AB390D67659058F91
                                                                                                                                                                              Function 00881DE0 Relevance: .2, Instructions: 190COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: ff14a9483a1569aad680333a9496801636e329d4f9e55ac77048ed65d9dbae88
                                                                                                                                                                              • Instruction ID: 4c05e65ae0d9e513d47c7abeeb2a4c3bd0bacb3aeb0ba6b13e49f3311411c0d6
                                                                                                                                                                              • Opcode Fuzzy Hash: ff14a9483a1569aad680333a9496801636e329d4f9e55ac77048ed65d9dbae88
                                                                                                                                                                              • Instruction Fuzzy Hash: 9F61C1B6E002198FCF00DF78C4953DEBBF6FF99324F25461AD854A7390DA3659058B91
                                                                                                                                                                              Function 0086F230 Relevance: .2, Instructions: 187COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: c5351182d5fbaafa735dab7f26b8477c8c0a761318c44dac298af018a05f6bc7
                                                                                                                                                                              • Instruction ID: 894b7474e05b072e67f2daa2d7bb92a7e2549819e71be33070215fa4e78c270c
                                                                                                                                                                              • Opcode Fuzzy Hash: c5351182d5fbaafa735dab7f26b8477c8c0a761318c44dac298af018a05f6bc7
                                                                                                                                                                              • Instruction Fuzzy Hash: 7D61BD75E142188FCB00DFBCD4917EEBBF2FB89320F16412AD951AB391DA3698058F91
                                                                                                                                                                              Function 00893CD0 Relevance: .2, Instructions: 185COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 74984e9111f9f2b97a8a5df584643419369ed76962fe19ff527d0ba3879998d9
                                                                                                                                                                              • Instruction ID: eae0533c158803433593ec5c165d0cb1664e0833a4b6148593064cca62f78882
                                                                                                                                                                              • Opcode Fuzzy Hash: 74984e9111f9f2b97a8a5df584643419369ed76962fe19ff527d0ba3879998d9
                                                                                                                                                                              • Instruction Fuzzy Hash: BD61BF75E002198FDF04DFA8D5947EEBBF2FB89320F19421AD815B73A0DA3659058F91
                                                                                                                                                                              Function 0087D8A0 Relevance: .2, Instructions: 183COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 4e8075b230e095c56a8203f1d97ad06ead485d436692b8ef679d9dea7832c8cb
                                                                                                                                                                              • Instruction ID: 889673968c074009fdd1eab8a9cd52f78aec47232bdc5f867aa569d8246c63d6
                                                                                                                                                                              • Opcode Fuzzy Hash: 4e8075b230e095c56a8203f1d97ad06ead485d436692b8ef679d9dea7832c8cb
                                                                                                                                                                              • Instruction Fuzzy Hash: 9151CE76E042188FCB04DF7CD4917EEBBF2FB89320F258229D514A7394DA3699098F91
                                                                                                                                                                              Function 008AD5F0 Relevance: .2, Instructions: 183COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: b7288abda1c1da352400728d1d20a5fb697fad1347e99567885dd60d3f9b09db
                                                                                                                                                                              • Instruction ID: df26e3974cabbcc9b430ec54306c8d81e3f2cac8452f17c564ee7ce1a07b8a07
                                                                                                                                                                              • Opcode Fuzzy Hash: b7288abda1c1da352400728d1d20a5fb697fad1347e99567885dd60d3f9b09db
                                                                                                                                                                              • Instruction Fuzzy Hash: 0F61B2B6E012148FDB04CF78D5806DEBBF6FB8A320F254229D855E77A0D6369905CF91
                                                                                                                                                                              Function 00854A10 Relevance: .2, Instructions: 178COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 38e8f4e4ad5c62f01ae66f86ff2c5ea2caa8b4ca1acd910a4dc46232ca0ebfc7
                                                                                                                                                                              • Instruction ID: 26767ab0fe34c6cd180c2b490da4ca85265e1a9584f2fd0946badf3aac6b87bd
                                                                                                                                                                              • Opcode Fuzzy Hash: 38e8f4e4ad5c62f01ae66f86ff2c5ea2caa8b4ca1acd910a4dc46232ca0ebfc7
                                                                                                                                                                              • Instruction Fuzzy Hash: 4A510175A012088FDB00CF7CD494BDEBBF2FB89329F258259D815EB391C63699098F61
                                                                                                                                                                              Function 0084D240 Relevance: .2, Instructions: 177COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 66960bd43a6bf495c191f637a5ad94bad7809d75907d116f2d6dd764fbc07ae3
                                                                                                                                                                              • Instruction ID: 891360cd4899ba1a2de71d5575657b8f67cbe229550ea0cc35f05ee9a93aa24f
                                                                                                                                                                              • Opcode Fuzzy Hash: 66960bd43a6bf495c191f637a5ad94bad7809d75907d116f2d6dd764fbc07ae3
                                                                                                                                                                              • Instruction Fuzzy Hash: C551E175E002198FCF04CFB8D4917EEBBF6FB49324F25422AD814A7391DA36A9058F91
                                                                                                                                                                              Function 00897BE0 Relevance: .2, Instructions: 177COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: f5dd619973986b94e13eacf9af2c59e28f6dc66c4cb1dfd900714d1a4087c535
                                                                                                                                                                              • Instruction ID: 0e8d90ff85b7104d8b183c44bab3555d558efbecd888676e77832e201a7598f9
                                                                                                                                                                              • Opcode Fuzzy Hash: f5dd619973986b94e13eacf9af2c59e28f6dc66c4cb1dfd900714d1a4087c535
                                                                                                                                                                              • Instruction Fuzzy Hash: 8151BD75E146198FCF04DFB8C4907EEBBF2FB89324F29411AD814BB350D63659058B91
                                                                                                                                                                              Function 0087ECC0 Relevance: .2, Instructions: 177COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: eee10df1dd31c0bcb473630494b5a24bc17bbb0e6dc576b77866bd80682e095b
                                                                                                                                                                              • Instruction ID: 6fab8b1159939ecf2a34dbf99d0c9133c6a7bf4d0aadf43b511efcb69601d557
                                                                                                                                                                              • Opcode Fuzzy Hash: eee10df1dd31c0bcb473630494b5a24bc17bbb0e6dc576b77866bd80682e095b
                                                                                                                                                                              • Instruction Fuzzy Hash: 5751CE72E002098FCB04CFACC4906EEBBF6FB89324F25465AD814A7395DA3699058F91
                                                                                                                                                                              Function 0089F470 Relevance: .2, Instructions: 175COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: c0b23b3a764120553a6d759fe935362e100838fe34797ffd052ba7adc75073c0
                                                                                                                                                                              • Instruction ID: 190cfc9db1c84ec132f483b19ccb438815c1d9380e43132e4b210ee1e4e61230
                                                                                                                                                                              • Opcode Fuzzy Hash: c0b23b3a764120553a6d759fe935362e100838fe34797ffd052ba7adc75073c0
                                                                                                                                                                              • Instruction Fuzzy Hash: 0551BDB6E002159FCF04DFACD4847DE7BF5EB49324F290226E924EB361D636A9058F91
                                                                                                                                                                              Function 008B69A0 Relevance: .2, Instructions: 169COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: fc5656dcc1ef6ddba087ab885f3138b7a0a4b072a3712a089879bbcbccf8fabc
                                                                                                                                                                              • Instruction ID: eff52e57ab8e1645c21f86fff16494895af9b933db57eac7b4c51e0949c629f0
                                                                                                                                                                              • Opcode Fuzzy Hash: fc5656dcc1ef6ddba087ab885f3138b7a0a4b072a3712a089879bbcbccf8fabc
                                                                                                                                                                              • Instruction Fuzzy Hash: 5F51C3B6E041188FCB00DF7CC5917DEBBF6FB89720F15422AD454B7391D63A59148B91
                                                                                                                                                                              Function 00890A80 Relevance: .2, Instructions: 169COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 9b89b8d77c5f10beffc1aaffde8f9c7c6bfd65b9b7016797424777e4746c1523
                                                                                                                                                                              • Instruction ID: 2e3a74fc2d4b0aae595b8c04043a30f6d60dc47039496719941c717ad5ee38a0
                                                                                                                                                                              • Opcode Fuzzy Hash: 9b89b8d77c5f10beffc1aaffde8f9c7c6bfd65b9b7016797424777e4746c1523
                                                                                                                                                                              • Instruction Fuzzy Hash: 3551CF76E002198FCF00DF7CD4946DEBBF6FB88324F29821AD824A7390D63699058F91
                                                                                                                                                                              Function 008940A0 Relevance: .2, Instructions: 168COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: e6b8e00f3f659c17ebc4c9bcc25b55bb2c82b2ac784ebe3244fa248c56592156
                                                                                                                                                                              • Instruction ID: 9636c783a61f318a1de6e36684ab55c1aa308c89a96bbaa86e3251d2a779ef02
                                                                                                                                                                              • Opcode Fuzzy Hash: e6b8e00f3f659c17ebc4c9bcc25b55bb2c82b2ac784ebe3244fa248c56592156
                                                                                                                                                                              • Instruction Fuzzy Hash: EF51C376E002158FDF00DFBCC8906EE7BF6FB89324F295319D421AB3A0D63669058B91
                                                                                                                                                                              Function 00866CC0 Relevance: .2, Instructions: 168COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 7c06f166751e97dd77ccbca913cf7cfd2f77e8df04c8042f2f281cd66753ac44
                                                                                                                                                                              • Instruction ID: 47fd98f86cd3cb5417a226e6182b693ff8d1844289560c8b489014f1fa0768c1
                                                                                                                                                                              • Opcode Fuzzy Hash: 7c06f166751e97dd77ccbca913cf7cfd2f77e8df04c8042f2f281cd66753ac44
                                                                                                                                                                              • Instruction Fuzzy Hash: 6451C5B6A001598FDB04CF7CD9946EF7BF6FB49324F260219D861AB3A0D63769048B91
                                                                                                                                                                              Function 008601B0 Relevance: .2, Instructions: 167COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 1cae8fc8c7c09e47f1c5e8d77e8e0c40a6832edd9ae479796e63031867b06b38
                                                                                                                                                                              • Instruction ID: e93133be07603dbc2d7460e0368ad4e45156040506bcebf7a32c18862bc0bd40
                                                                                                                                                                              • Opcode Fuzzy Hash: 1cae8fc8c7c09e47f1c5e8d77e8e0c40a6832edd9ae479796e63031867b06b38
                                                                                                                                                                              • Instruction Fuzzy Hash: 0151C1B6E002188FDB00CF78D5957EFBBF2FB89320F264219D821A7391D63659048F91
                                                                                                                                                                              Function 00889240 Relevance: .2, Instructions: 167COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 2f64f898f8671d29979f4634be6ca3d6bd369bce3c2226b392ac44370aac3490
                                                                                                                                                                              • Instruction ID: 6a605758e68a5d43d742cfffaed54a7c568a199f9a046761b3dd3c134bbcc366
                                                                                                                                                                              • Opcode Fuzzy Hash: 2f64f898f8671d29979f4634be6ca3d6bd369bce3c2226b392ac44370aac3490
                                                                                                                                                                              • Instruction Fuzzy Hash: 5651D3B6E002088FDB04EFBCC4907EEBBF2FB89324F254629D855A7391C6365905CB95
                                                                                                                                                                              Function 008B38E0 Relevance: .2, Instructions: 166COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: b7196df5681b4c141ad2d05becbaf0401dfeec59c879d81d4dfdea9d05a81b07
                                                                                                                                                                              • Instruction ID: 51abb50d3ae5b4e2f4b201e62e6bd09be0ee468b89b2a5a5202a3f81895a183e
                                                                                                                                                                              • Opcode Fuzzy Hash: b7196df5681b4c141ad2d05becbaf0401dfeec59c879d81d4dfdea9d05a81b07
                                                                                                                                                                              • Instruction Fuzzy Hash: ED51C4B6E012198FCB04CF7CD4906DEBBF2FB4A324F151219D865B7390D676A9058F91
                                                                                                                                                                              Function 0087A220 Relevance: .2, Instructions: 158COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 1aaa8ea9f7a087b30d531f6e2e89090e1c88884a2760103eac86f628234d67e2
                                                                                                                                                                              • Instruction ID: 729cac943949155e9f0b8ed055248ba438c00c0ea1b5f8f9d97164a1ceec0100
                                                                                                                                                                              • Opcode Fuzzy Hash: 1aaa8ea9f7a087b30d531f6e2e89090e1c88884a2760103eac86f628234d67e2
                                                                                                                                                                              • Instruction Fuzzy Hash: 1151E375A102088FCB04CF7CC5947DFBBF6FB89324F258219D468A7395C63699098FA2
                                                                                                                                                                              Function 008A0360 Relevance: .2, Instructions: 158COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 2bba751b75cfbfd54e341f60ab172108a6d001abe3baaf4e85873307a7044b7e
                                                                                                                                                                              • Instruction ID: a835eee23c8b06f8366182a8ef203695c14d52dd7e11527d015c2d86f492d3d3
                                                                                                                                                                              • Opcode Fuzzy Hash: 2bba751b75cfbfd54e341f60ab172108a6d001abe3baaf4e85873307a7044b7e
                                                                                                                                                                              • Instruction Fuzzy Hash: 6D51D072E006098FDB00DE7CC4A57EEBBF6FB4A324F265219D415BB390D63699058F91
                                                                                                                                                                              Function 00879C70 Relevance: .2, Instructions: 158COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: ccd0375f16aaf36b0ef139c20263136971aed34b349c8b57a179587b5b45a1d4
                                                                                                                                                                              • Instruction ID: cb8f396ff546e2db6574ff2d84d906358d2a3617c24202d6a5eeac99eed9693c
                                                                                                                                                                              • Opcode Fuzzy Hash: ccd0375f16aaf36b0ef139c20263136971aed34b349c8b57a179587b5b45a1d4
                                                                                                                                                                              • Instruction Fuzzy Hash: 8051E6B6E002198FCB04CF7CD4957EEBBF6FB89320F158219D459A7394CA3698058F91
                                                                                                                                                                              Function 008520E0 Relevance: .2, Instructions: 157COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: f176a1a3acab1d95cd7813d1c9798f4fe510efa6015fa914bb472819f3a5f6ca
                                                                                                                                                                              • Instruction ID: f7999bd32b96a20e956ad26c5e8c7518189ba6aa288b5136349f0af96f5245c5
                                                                                                                                                                              • Opcode Fuzzy Hash: f176a1a3acab1d95cd7813d1c9798f4fe510efa6015fa914bb472819f3a5f6ca
                                                                                                                                                                              • Instruction Fuzzy Hash: 3251C1B9E406049FCB04DFBCC4812DEBBF6FB4A321F254219D914EB391CA7699098B91
                                                                                                                                                                              Function 0087E150 Relevance: .2, Instructions: 157COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 7074f515106d355c8c0e17fa259ed3f199cef2b760e8941d79edce3a69b7c705
                                                                                                                                                                              • Instruction ID: 42f3bd3eecf9c5df791122b8670ade1eca7985f8c26a9e8d2dac695460ac887a
                                                                                                                                                                              • Opcode Fuzzy Hash: 7074f515106d355c8c0e17fa259ed3f199cef2b760e8941d79edce3a69b7c705
                                                                                                                                                                              • Instruction Fuzzy Hash: 9A512672A212148FDB008A7CC8953EF7BB2FB4A335F16075AD825DB3D2D92759098B90
                                                                                                                                                                              Function 00853A00 Relevance: .2, Instructions: 154COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: d48952118f2616a2246e024ffd9847342822fc4edc486a1b2de5c30050bae173
                                                                                                                                                                              • Instruction ID: 5ef39dc1fde673ad7ce5f6003bb2562e17adf1f4bda7e34a880b9cc98896dec6
                                                                                                                                                                              • Opcode Fuzzy Hash: d48952118f2616a2246e024ffd9847342822fc4edc486a1b2de5c30050bae173
                                                                                                                                                                              • Instruction Fuzzy Hash: FD51F576A406098FCB04CB7CC8A17EE77F2FB89365F244629C554D7391CA3A99098B80
                                                                                                                                                                              Function 0089C340 Relevance: .2, Instructions: 154COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 7c6ca893637e38987e5b1c2f59b54817544a369e151c5da6db8669d53d982ff2
                                                                                                                                                                              • Instruction ID: b2c52b3ce7422c07fa49cb6186ae6adc5554e5083d6aa6c6ce7b22984b67d1d6
                                                                                                                                                                              • Opcode Fuzzy Hash: 7c6ca893637e38987e5b1c2f59b54817544a369e151c5da6db8669d53d982ff2
                                                                                                                                                                              • Instruction Fuzzy Hash: 5451D436B411058FCF04DE7CD8A57EE7BF2FB89324F294229D421DB394DA3A99058B80
                                                                                                                                                                              Function 008A6950 Relevance: .2, Instructions: 150COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: cb08210ad32605bf36ff29d42304833eae9cea5eed7ff8c01a6e68efab087c33
                                                                                                                                                                              • Instruction ID: 322f8f52026a368d49612884263ebb54d128fae51a25a9797e1cec9d29b736eb
                                                                                                                                                                              • Opcode Fuzzy Hash: cb08210ad32605bf36ff29d42304833eae9cea5eed7ff8c01a6e68efab087c33
                                                                                                                                                                              • Instruction Fuzzy Hash: 4141F576E046188FDB00CA7CC4A43DF7BE6FB5A334F2A4256C554AB3A5D6375809CB90
                                                                                                                                                                              Function 0085A500 Relevance: .2, Instructions: 150COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 3cf9fdaffaafa0b1c6953d6356d5f6811c550aafae5dccac210f2bc2b9c5e0d2
                                                                                                                                                                              • Instruction ID: 311c8f7645e700a2d56b1d3ae3d6ae5bb59c8528a7e47932a82b23e0b716cde1
                                                                                                                                                                              • Opcode Fuzzy Hash: 3cf9fdaffaafa0b1c6953d6356d5f6811c550aafae5dccac210f2bc2b9c5e0d2
                                                                                                                                                                              • Instruction Fuzzy Hash: FD51E436A002158FDB04CFBCC4A4BEE7BF2EB59325F154719D911AB3E1D63A990C8B91
                                                                                                                                                                              Function 008762E0 Relevance: .1, Instructions: 148COMMONLIBRARYCODE
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: e9d6a0ff53827827d1f3a7fe1599d3ecb3032e04feeaed3ca7ff31ab4b631a49
                                                                                                                                                                              • Instruction ID: faf155111107b4bc700b05a9054e709879cc1f438b6c19a54acb99009e8525ee
                                                                                                                                                                              • Opcode Fuzzy Hash: e9d6a0ff53827827d1f3a7fe1599d3ecb3032e04feeaed3ca7ff31ab4b631a49
                                                                                                                                                                              • Instruction Fuzzy Hash: 7D412876A016058FCF00CE7CC4947DE7BF6FB8A334F254219C55497395D63699059B50
                                                                                                                                                                              Function 008818B0 Relevance: .1, Instructions: 146COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: e119f10d2d4758aee8d6d1fd590963cf24e903b1584f79667185ac218776157e
                                                                                                                                                                              • Instruction ID: 80f2d4aa1e3e15ee90ae96a18d99c92d903914d89c551817987a46d237f3817e
                                                                                                                                                                              • Opcode Fuzzy Hash: e119f10d2d4758aee8d6d1fd590963cf24e903b1584f79667185ac218776157e
                                                                                                                                                                              • Instruction Fuzzy Hash: A8415577E452158FDF009A7CC8A93EE7BF5FB55331F16021AD820EB3D1CA26590A9B90
                                                                                                                                                                              Function 00844800 Relevance: .1, Instructions: 144COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 780a7e8f6c2497393dc316f4bbe919739fa23b750ce6b3e4645f3466f0196dc7
                                                                                                                                                                              • Instruction ID: 68907dd05dd21c31b070deb02c1fd5458e140e16e00db0ad3a149019f3630215
                                                                                                                                                                              • Opcode Fuzzy Hash: 780a7e8f6c2497393dc316f4bbe919739fa23b750ce6b3e4645f3466f0196dc7
                                                                                                                                                                              • Instruction Fuzzy Hash: 13410372E016198FCB04CA7CC8907EF7BF6EB45364F251229D465EB3E1C62759098F91
                                                                                                                                                                              Function 00895A60 Relevance: .1, Instructions: 144COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 650cc8474a5c121d5d46083a7a0b3632e1ad738a708d6d191d7a5f85acb741cd
                                                                                                                                                                              • Instruction ID: 1099bdca31f1972faedad9775bcc9fc2a0d992df6bea091266cacbeeec326017
                                                                                                                                                                              • Opcode Fuzzy Hash: 650cc8474a5c121d5d46083a7a0b3632e1ad738a708d6d191d7a5f85acb741cd
                                                                                                                                                                              • Instruction Fuzzy Hash: 66413636A416198FDF019F7CC8A53EE7BF2FB45335F290219C825A73D1CA2A5906DB50
                                                                                                                                                                              Function 0087DDF0 Relevance: .1, Instructions: 144COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 713581c0467602a79db8462b739842a01b897918f332aa042f18438dad18d2ae
                                                                                                                                                                              • Instruction ID: 1e7abf471b22ec8815167d2829a2d37bfeaaddd8856ac5bcda90cf69bb3978ad
                                                                                                                                                                              • Opcode Fuzzy Hash: 713581c0467602a79db8462b739842a01b897918f332aa042f18438dad18d2ae
                                                                                                                                                                              • Instruction Fuzzy Hash: 33412837A412198FDB01DA7CC4A17EFBBF1FF85324F254619C915AB3D1CA2A99098B90
                                                                                                                                                                              Function 00870A60 Relevance: .1, Instructions: 143COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 5fc30907de12e96dca22bd06b5eacb56c6cab9889000d644b37c44575fbf0332
                                                                                                                                                                              • Instruction ID: 64e5d853c0a678b1344719978283cbcd26bf088bda20c819dfee37611d4fcc1f
                                                                                                                                                                              • Opcode Fuzzy Hash: 5fc30907de12e96dca22bd06b5eacb56c6cab9889000d644b37c44575fbf0332
                                                                                                                                                                              • Instruction Fuzzy Hash: 3941F176E002298FCB00CA7CC4956EE7BF6E749334F25432AD824E73E5D66699048F90
                                                                                                                                                                              Function 0083D180 Relevance: .1, Instructions: 142COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 8b34aecaefa54fde235d0bc7b9cc2fbf62f54277e04e5e086428d4ea910889f0
                                                                                                                                                                              • Instruction ID: 05dafe652dfc4e4e3f0c1a90e844cc33bdae93bb16cd9c3c6e510d7ee0afbd9e
                                                                                                                                                                              • Opcode Fuzzy Hash: 8b34aecaefa54fde235d0bc7b9cc2fbf62f54277e04e5e086428d4ea910889f0
                                                                                                                                                                              • Instruction Fuzzy Hash: CB41F376A042198FDF018B7CD9917EF7BF2E789320F150369D820E7391D62799099BA0
                                                                                                                                                                              Function 008603C0 Relevance: .1, Instructions: 142COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: cbb524a354e1cc53e8701ca1577ffc3e5afe660c4df9009dbb4b49348196ab26
                                                                                                                                                                              • Instruction ID: ce7ab34e341f55a92b9f9dfe8becb6fcb20d2c17e6a0ad2d971e3a215d98d17c
                                                                                                                                                                              • Opcode Fuzzy Hash: cbb524a354e1cc53e8701ca1577ffc3e5afe660c4df9009dbb4b49348196ab26
                                                                                                                                                                              • Instruction Fuzzy Hash: B941CE76B512158FCB00CE7CC8943EF7BE6E789338F26431AC525A73E5DA2658098F94
                                                                                                                                                                              Function 008AF150 Relevance: .1, Instructions: 141COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 941239ceddf7cd02bcd5067d241ab3f931ff742b87b2b6cdd1f4ecebdf7e6bdb
                                                                                                                                                                              • Instruction ID: 9fc89085cb344e16865bec2e1a70f250e0f44e7144badbb7854aa4332733e0f9
                                                                                                                                                                              • Opcode Fuzzy Hash: 941239ceddf7cd02bcd5067d241ab3f931ff742b87b2b6cdd1f4ecebdf7e6bdb
                                                                                                                                                                              • Instruction Fuzzy Hash: D741F336E042188BDB01CFBCC5947EF77F6FB4A324F25022AC961A77D1D6265D058B90
                                                                                                                                                                              Function 008A73C0 Relevance: .1, Instructions: 141COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: a942ff6e081866e56339f44fa1a2eeaf810ef0e7d78e6e0887bc7bc7f01b492b
                                                                                                                                                                              • Instruction ID: 898505384f53bcf7f60e7849e5221c42c1f6f428ca9d1983f52aebed5954152e
                                                                                                                                                                              • Opcode Fuzzy Hash: a942ff6e081866e56339f44fa1a2eeaf810ef0e7d78e6e0887bc7bc7f01b492b
                                                                                                                                                                              • Instruction Fuzzy Hash: BA415876F081098FDB008ABCCD913EE7BF6FB46321F19021AC854E77D2C626590ADB94
                                                                                                                                                                              Function 0087C4C0 Relevance: .1, Instructions: 141COMMONLIBRARYCODE
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 2e50b5dce2ac0c094ef15b20e436cc62a959d595375decc83121ae7dc78f43ff
                                                                                                                                                                              • Instruction ID: 97b63d73f15f218ad2cc063e48a9c802db0b4897e6e07996710f23c2b2f4a0ce
                                                                                                                                                                              • Opcode Fuzzy Hash: 2e50b5dce2ac0c094ef15b20e436cc62a959d595375decc83121ae7dc78f43ff
                                                                                                                                                                              • Instruction Fuzzy Hash: 5F415672A551098FCB00CA3CC8917EE7BF1FB55760F1A021ED818E73D1D9279E098B90
                                                                                                                                                                              Function 0087E8C0 Relevance: .1, Instructions: 140COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 237c7d0a81bed1850c6a325cabac865c06c542df10ae1db1a2b3eea955cad415
                                                                                                                                                                              • Instruction ID: c06cf64aaf4f7197f31c4f762eb78317509d6da8a89220c4a0c483705a915f42
                                                                                                                                                                              • Opcode Fuzzy Hash: 237c7d0a81bed1850c6a325cabac865c06c542df10ae1db1a2b3eea955cad415
                                                                                                                                                                              • Instruction Fuzzy Hash: 9B414772A112168FDB40CEBCC4A53EFBBF2F749320F168659C554DB399C93AC9098B91
                                                                                                                                                                              Function 0084F150 Relevance: .1, Instructions: 140COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 68b2097c3e3cdfedfee4838fd2c1e7fadf14236ca432733ac6abcb7beeb09cb9
                                                                                                                                                                              • Instruction ID: 1c5c96919b415aac331d1ae532bffce5bdfe082c468ce778e2d768c44a7fe1ee
                                                                                                                                                                              • Opcode Fuzzy Hash: 68b2097c3e3cdfedfee4838fd2c1e7fadf14236ca432733ac6abcb7beeb09cb9
                                                                                                                                                                              • Instruction Fuzzy Hash: A5412876E012598FCB018E7CC8917EE7BF2FB45335F29032ACA349B3D2C52659069B60
                                                                                                                                                                              Function 00886250 Relevance: .1, Instructions: 139COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 5515f619aebaf6a31c6ea7f0e08af44ea35a215032e69f916160d73a3408f559
                                                                                                                                                                              • Instruction ID: 0fb571914357c51ae85c3d036de8a8473363d7960953dfcda3484073a2edf375
                                                                                                                                                                              • Opcode Fuzzy Hash: 5515f619aebaf6a31c6ea7f0e08af44ea35a215032e69f916160d73a3408f559
                                                                                                                                                                              • Instruction Fuzzy Hash: 9241E136E441198FDB00DEBCC4907EF7BF6FB49324F25166AC810E7391DA2B59098B90
                                                                                                                                                                              Function 00854860 Relevance: .1, Instructions: 138COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: ca1746900a8cc00bf2a81ce41471aee3870bffa7d43b2ac451081efea51fd2f6
                                                                                                                                                                              • Instruction ID: aa66fc3eb350b41387a48b5a45a5be83e85344538ee2dfa6f6dabc3478e7e94d
                                                                                                                                                                              • Opcode Fuzzy Hash: ca1746900a8cc00bf2a81ce41471aee3870bffa7d43b2ac451081efea51fd2f6
                                                                                                                                                                              • Instruction Fuzzy Hash: 35412736A406298FDF00CB7CC4E53EF7BF5F749329F21121AD955D7392DA2A99098B80
                                                                                                                                                                              Function 008AE1E0 Relevance: .1, Instructions: 138COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: a51f719db6a5fca9090eb642982284f754371302b2acbd2f27ad56ad8718962d
                                                                                                                                                                              • Instruction ID: d5d89ed8dfe07f0bff84b95e35a1da52938bec2363ba887163ee7ca5367bb39b
                                                                                                                                                                              • Opcode Fuzzy Hash: a51f719db6a5fca9090eb642982284f754371302b2acbd2f27ad56ad8718962d
                                                                                                                                                                              • Instruction Fuzzy Hash: F3414872A442098FDF009E7CC8A57EF7BF6F78A320F154725D521DB790DA3A99098B50
                                                                                                                                                                              Function 008A4AF0 Relevance: .1, Instructions: 138COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: e42fe6ef19b2fc6627219d7ece2f694cc4831fa5c06291a05208e261c4b71407
                                                                                                                                                                              • Instruction ID: bd5c1a8036d1d1f9edef4ca97f433c832cded82696d8ca4075c54f64dafe0937
                                                                                                                                                                              • Opcode Fuzzy Hash: e42fe6ef19b2fc6627219d7ece2f694cc4831fa5c06291a05208e261c4b71407
                                                                                                                                                                              • Instruction Fuzzy Hash: A9415976A005198FEF00CEBCC8953EF7BE6F796334F151616D454C73A2D66A890A8B90
                                                                                                                                                                              Function 00853270 Relevance: .1, Instructions: 138COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 4c02a0767278f07cdd7088d8bdbc51663b7fce9dcf5b6240fc3adc07e07df306
                                                                                                                                                                              • Instruction ID: 29d56ddf8a115650336fb8e790a9226acae1df6bf6c5316af3094c2dff96529e
                                                                                                                                                                              • Opcode Fuzzy Hash: 4c02a0767278f07cdd7088d8bdbc51663b7fce9dcf5b6240fc3adc07e07df306
                                                                                                                                                                              • Instruction Fuzzy Hash: 81412376E006158FDB00CEBCD4957EE7BF2FB493A1F15021AC821E7391DA2B5A0A8F50
                                                                                                                                                                              Function 00847BA0 Relevance: .1, Instructions: 138COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 1d8871803140c11c14bf5b635b64b494fc9c447f5c6bfe144f28d0a693284a52
                                                                                                                                                                              • Instruction ID: f0e35b756f40ccaa9503b4ccff848fa4da67270ad3731f02ad66ff5c49cc83ef
                                                                                                                                                                              • Opcode Fuzzy Hash: 1d8871803140c11c14bf5b635b64b494fc9c447f5c6bfe144f28d0a693284a52
                                                                                                                                                                              • Instruction Fuzzy Hash: 0C415A76F156098FDB048E7CC4A43EF7BE6FB89320F254629C411DB3A5DB3A48098B90
                                                                                                                                                                              Function 0086F480 Relevance: .1, Instructions: 138COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 16eaaccd79d3fe793545b6cbcb5d40b9eee54afc25b3f2ee3dd997aa58d65e49
                                                                                                                                                                              • Instruction ID: 59e5fccb50954bfa534b275bfb7c9740b35254c4f1b66f6a13b4f8e1c4902cda
                                                                                                                                                                              • Opcode Fuzzy Hash: 16eaaccd79d3fe793545b6cbcb5d40b9eee54afc25b3f2ee3dd997aa58d65e49
                                                                                                                                                                              • Instruction Fuzzy Hash: 92412876E402198FDF008E7CD8A57EF7BE6FB45324F260725D621D7792CA2A98058B90
                                                                                                                                                                              Function 00899CD0 Relevance: .1, Instructions: 138COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 9e41347a86c696d002cff94e4d56af99639408665d9823602a33ea48a793b07b
                                                                                                                                                                              • Instruction ID: bd5cd82a934b9fc2f8aa6ed57fb93ef2f627b60baf88d28cb8e131850660ad04
                                                                                                                                                                              • Opcode Fuzzy Hash: 9e41347a86c696d002cff94e4d56af99639408665d9823602a33ea48a793b07b
                                                                                                                                                                              • Instruction Fuzzy Hash: B6410476A006198FCF009A7CC8D47EE7BE6E745334F290319D561DB3E0C67A99098B50
                                                                                                                                                                              Function 008530C0 Relevance: .1, Instructions: 137COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 9d59608a4a6fb7179c5679ad7925775c7f25070e4e7c33cee3e7b768e96134dc
                                                                                                                                                                              • Instruction ID: 2679272cce9e97beba6601c59110d45d3f213e69ef18be838e02c332931e1435
                                                                                                                                                                              • Opcode Fuzzy Hash: 9d59608a4a6fb7179c5679ad7925775c7f25070e4e7c33cee3e7b768e96134dc
                                                                                                                                                                              • Instruction Fuzzy Hash: 8641F676E406158FCB01CE7CC9817DE77F2FB89765F15831AD824AB3E4CA2B5A098B50
                                                                                                                                                                              Function 0088E1A0 Relevance: .1, Instructions: 137COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: bbacda7fc295c0a5700ae423dad688d0b2228dd944c55b899c3f24e5d8ac8892
                                                                                                                                                                              • Instruction ID: 1b19006ba3c4ca0f8b04691e75585d8e7debaa83a21d6d09387ca4e0970fe535
                                                                                                                                                                              • Opcode Fuzzy Hash: bbacda7fc295c0a5700ae423dad688d0b2228dd944c55b899c3f24e5d8ac8892
                                                                                                                                                                              • Instruction Fuzzy Hash: 3941377AE401198FCB049E7CD4947FE7BF6FB45324F25421AD824AB390CA2B5D098B90
                                                                                                                                                                              Function 008801E0 Relevance: .1, Instructions: 137COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 73e75fa5f05c087212672e2d7852bc6bcbdfb5c65cdef6d483c757a5967110f7
                                                                                                                                                                              • Instruction ID: 61644f45609a835b93a4f2581e0e6dc2e728830d699e07bf6d40f9d88649058f
                                                                                                                                                                              • Opcode Fuzzy Hash: 73e75fa5f05c087212672e2d7852bc6bcbdfb5c65cdef6d483c757a5967110f7
                                                                                                                                                                              • Instruction Fuzzy Hash: 8A41F372E455098FDB04DE68C4A47EF77F2EB89324F25422AC821E73E1C67659098F50
                                                                                                                                                                              Function 0087B920 Relevance: .1, Instructions: 137COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: b913a85d06e2c298b6c33722e7da389e63b6ea6edcbd2df7e3e0a8d24dda7733
                                                                                                                                                                              • Instruction ID: 6fe7e917c997189d3dac14cc8761e5bfd19dd3dd34e2d3a5b041fe335ae36cc0
                                                                                                                                                                              • Opcode Fuzzy Hash: b913a85d06e2c298b6c33722e7da389e63b6ea6edcbd2df7e3e0a8d24dda7733
                                                                                                                                                                              • Instruction Fuzzy Hash: 3C41F376E012198FCB00CE7CC4947DF7BE2FB89324F15825AD525E7394DB2699098B51
                                                                                                                                                                              Function 00894AB0 Relevance: .1, Instructions: 137COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 59472469e81d5a517f550256021ec53ae268ff09fa6db67249a8e93c58cb8366
                                                                                                                                                                              • Instruction ID: 644955252ced0be3b2ac6d03cac48d62eca89f1968f34db06f3f5f6c5ab2f596
                                                                                                                                                                              • Opcode Fuzzy Hash: 59472469e81d5a517f550256021ec53ae268ff09fa6db67249a8e93c58cb8366
                                                                                                                                                                              • Instruction Fuzzy Hash: 4841F536A051158FCF00DEBCC595BDE77E2FB89334F1A5219D524AB3A0C63B59068F50
                                                                                                                                                                              Function 00898B90 Relevance: .1, Instructions: 137COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 74a2d701d170e4392500f82e26cef5d57f83a7188a229229db00028005fad947
                                                                                                                                                                              • Instruction ID: 8ce486520745a272ed060648ddf3bc274fdb1f256fc197dc934a507cfcadfbc7
                                                                                                                                                                              • Opcode Fuzzy Hash: 74a2d701d170e4392500f82e26cef5d57f83a7188a229229db00028005fad947
                                                                                                                                                                              • Instruction Fuzzy Hash: 2341B276A0121A8FCF00DE7CD5847EE7BE1E75A328F19031AD821EB3E1D62759098B60
                                                                                                                                                                              Function 008593D0 Relevance: .1, Instructions: 137COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: a7594f0ddd6038490271fbdb88064ac8dfdec869fa464e73e20d06ca5879a295
                                                                                                                                                                              • Instruction ID: a8e9624fd63b56890658ca58c3b575a1e1f21e5f1e584392596fd68b61f71958
                                                                                                                                                                              • Opcode Fuzzy Hash: a7594f0ddd6038490271fbdb88064ac8dfdec869fa464e73e20d06ca5879a295
                                                                                                                                                                              • Instruction Fuzzy Hash: 5C412476E402198FDB00CF7CD4847DE7BF2F789325F254619C865A73A0D63A9D0A8B50
                                                                                                                                                                              Function 008AC3E0 Relevance: .1, Instructions: 137COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 80a0de2fcb378c37d0387563261bf34aa563611d02b83e8d2eb429ba555ceae1
                                                                                                                                                                              • Instruction ID: 3f9d1ab352b656597b5548125b93404cf05ef1c7d94e8abc4749be358bb9be65
                                                                                                                                                                              • Opcode Fuzzy Hash: 80a0de2fcb378c37d0387563261bf34aa563611d02b83e8d2eb429ba555ceae1
                                                                                                                                                                              • Instruction Fuzzy Hash: 57413276E002158FDB018E7CD4A53EE7BF2F74A724F16031AD821AB7D0C62B6909CB94
                                                                                                                                                                              Function 00893B20 Relevance: .1, Instructions: 137COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 6a9f8a7fab6cd5efc659dfd1784d21ad8edc9522ae09ffd2faa3edd68431949c
                                                                                                                                                                              • Instruction ID: 0e8724c9b0866c244b642edbba6801e17415fc7f551cd3236c86dfea0329b3c6
                                                                                                                                                                              • Opcode Fuzzy Hash: 6a9f8a7fab6cd5efc659dfd1784d21ad8edc9522ae09ffd2faa3edd68431949c
                                                                                                                                                                              • Instruction Fuzzy Hash: 0D41F476A042098FCF00DE7CC4947DE7BF2FB89334F19461AC565AB391C62A9A098F50
                                                                                                                                                                              Function 0088D350 Relevance: .1, Instructions: 137COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 2e86aa2c57340ffb138fff31771d2b4e6942358cebfd5e18fe7d0df8afdfc65e
                                                                                                                                                                              • Instruction ID: 3e836f064dd6b2c96b444eea8c56fbe5f4e1a5ede0f8962b1dcfcbd16d02050b
                                                                                                                                                                              • Opcode Fuzzy Hash: 2e86aa2c57340ffb138fff31771d2b4e6942358cebfd5e18fe7d0df8afdfc65e
                                                                                                                                                                              • Instruction Fuzzy Hash: 1E41BF76E002198FDB00DE6CC8957EE7BF2FB89324F164619D814E73A1D63B5A098B91
                                                                                                                                                                              Function 00848420 Relevance: .1, Instructions: 137COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 2b95da27c715dc295be3a76798a9bbe311276332fdb463cf6ee8f6d5a435c75e
                                                                                                                                                                              • Instruction ID: fc0858ef030981f0850a75d8f98c8f7ab3caecb4035f7d1fe467737c722ee791
                                                                                                                                                                              • Opcode Fuzzy Hash: 2b95da27c715dc295be3a76798a9bbe311276332fdb463cf6ee8f6d5a435c75e
                                                                                                                                                                              • Instruction Fuzzy Hash: 2941B276A00219CBCB04CE7CC5A47EE7BE6F749334F26421ACA25AB3D0CA2659068F50
                                                                                                                                                                              Function 008AD440 Relevance: .1, Instructions: 137COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 3a9b39da42c388fc874509cecf0f8ffd9eaf3806dcf00da9164c9e6c59dae6c4
                                                                                                                                                                              • Instruction ID: fa3819daf0ae6f694f7aa8f96c26f2fc157ab2011f05953c9e613e1f52f1d547
                                                                                                                                                                              • Opcode Fuzzy Hash: 3a9b39da42c388fc874509cecf0f8ffd9eaf3806dcf00da9164c9e6c59dae6c4
                                                                                                                                                                              • Instruction Fuzzy Hash: 62411376E012198FDB04CE7CD4947EE7BF2F74A324F150219D822E7B90D63A59098FA0
                                                                                                                                                                              Function 008945B0 Relevance: .1, Instructions: 137COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: d266afdf427dd89f6082278afd59e61a53b7b91109d36cb7c830a056425d60ed
                                                                                                                                                                              • Instruction ID: fd8c8e711e9f12b42d5503e9012661cbc01fa50ca36e7491506ad6374a21d522
                                                                                                                                                                              • Opcode Fuzzy Hash: d266afdf427dd89f6082278afd59e61a53b7b91109d36cb7c830a056425d60ed
                                                                                                                                                                              • Instruction Fuzzy Hash: 32415976A4410A8FDF00DE7CD4947EF77E6F78A324F195219D4259B390C62A580A8B90
                                                                                                                                                                              Function 008705D0 Relevance: .1, Instructions: 137COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: fd8a994f1f6f4f4b1e34b77f12717cfda2f1fc253f0192de1e0a20d527bd83d2
                                                                                                                                                                              • Instruction ID: 5ffb9ecbf64eb050c7a076ad19c54f2067325cde403fc67e205f97f259e14bfb
                                                                                                                                                                              • Opcode Fuzzy Hash: fd8a994f1f6f4f4b1e34b77f12717cfda2f1fc253f0192de1e0a20d527bd83d2
                                                                                                                                                                              • Instruction Fuzzy Hash: 6E411436E00219CFDB08CEBCC4B07EE77F6F789364F25521AC415A7395CA2659098F90
                                                                                                                                                                              Function 00870DF0 Relevance: .1, Instructions: 137COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 7f47669a1bb839648f77114e1c33d36a0e2435602f0b9c024b35a97cdca63e64
                                                                                                                                                                              • Instruction ID: 146d138a53d3874b0ece1ee71ec9640e4878c4da739a0264ef0adaf7c8f359e9
                                                                                                                                                                              • Opcode Fuzzy Hash: 7f47669a1bb839648f77114e1c33d36a0e2435602f0b9c024b35a97cdca63e64
                                                                                                                                                                              • Instruction Fuzzy Hash: E641E176A002158FCB00CE7CC4947EE7BE2FB4A374F15861AD865E73E5C62B99098F90
                                                                                                                                                                              Function 008B21C0 Relevance: .1, Instructions: 136COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: e408cef9ba5b5b79a759f37bd274d949e67f700266e4538340aa49adceb3df72
                                                                                                                                                                              • Instruction ID: 6bb5ca69bea22e353f8969e1d0ac75a64fb2a1531badf0a9578758db19703526
                                                                                                                                                                              • Opcode Fuzzy Hash: e408cef9ba5b5b79a759f37bd274d949e67f700266e4538340aa49adceb3df72
                                                                                                                                                                              • Instruction Fuzzy Hash: 62413772A5421A8FCB008E7CC8A57EFBBE5F749330F254719D524DB3E1CA2E59098B91
                                                                                                                                                                              Function 0083EA90 Relevance: .1, Instructions: 136COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 9936c239a861cd0af447c5c5f41cba1e57e352a700282101b6b953d272fbbec7
                                                                                                                                                                              • Instruction ID: bd26c0ccfd1a489b7df411f65b7799977eea8def8fd78874b6c5837276184ff7
                                                                                                                                                                              • Opcode Fuzzy Hash: 9936c239a861cd0af447c5c5f41cba1e57e352a700282101b6b953d272fbbec7
                                                                                                                                                                              • Instruction Fuzzy Hash: C2412876A481198FCF018E7CD8A57EFBBE6F785330F250219D411DB3D0DA2A690A8BD0
                                                                                                                                                                              Function 0084EA00 Relevance: .1, Instructions: 136COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: b5d64c4a4c378d0d23e241b25053adf8c89d4de9e1ee7e02c6ffa29147ab347e
                                                                                                                                                                              • Instruction ID: ba8dd8ebe5932a9789ff8616ea8c3f5160d00be23f6620bd3a1244db63bf1d38
                                                                                                                                                                              • Opcode Fuzzy Hash: b5d64c4a4c378d0d23e241b25053adf8c89d4de9e1ee7e02c6ffa29147ab347e
                                                                                                                                                                              • Instruction Fuzzy Hash: C041E176E402198FDB00CE7CC4947EE7BF3F799334F25465AD821AB3A0D63659098B90
                                                                                                                                                                              Function 0089A3D0 Relevance: .1, Instructions: 136COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 495be817057ed304554f1049bb300cf8b0e15ccc4ef0446b7db0d7712850f601
                                                                                                                                                                              • Instruction ID: 8d60e4c9d3ba493fcc8a551d6ea6a9289aae5f10f780a1107ccdf8d6d1f4a1cb
                                                                                                                                                                              • Opcode Fuzzy Hash: 495be817057ed304554f1049bb300cf8b0e15ccc4ef0446b7db0d7712850f601
                                                                                                                                                                              • Instruction Fuzzy Hash: 5B412572A401158FDF04DABCC8A43EFBBE5F745334F2A421AC96497391D62A58098BC1
                                                                                                                                                                              Function 00864B00 Relevance: .1, Instructions: 136COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 7ed2aa22d733b377727255378d70a3a9e2191604e55f1335711c7bf3bee8701b
                                                                                                                                                                              • Instruction ID: 6e826f09a0b0ca3b794f1cf2066265127aa509d3bb3c0acc0cc11fcd09fc23fb
                                                                                                                                                                              • Opcode Fuzzy Hash: 7ed2aa22d733b377727255378d70a3a9e2191604e55f1335711c7bf3bee8701b
                                                                                                                                                                              • Instruction Fuzzy Hash: 92413B32A451058FDB00CE7CC8A57EF7BF6FB85331F265629C551DB391CA3A98099B90
                                                                                                                                                                              Function 008978B0 Relevance: .1, Instructions: 132COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: e5634dbd5e9651bcc7ee266a6a914f45cf78545115ff2d20d79a7e0b3e535449
                                                                                                                                                                              • Instruction ID: dc36126fb9d18481355ca2bef6f2c63e6d50bfc6fe7819419dcea9affb23ef7d
                                                                                                                                                                              • Opcode Fuzzy Hash: e5634dbd5e9651bcc7ee266a6a914f45cf78545115ff2d20d79a7e0b3e535449
                                                                                                                                                                              • Instruction Fuzzy Hash: F6414736A541268FCF009ABCC8957EF7BE2F785734F190719D864D73E1D62B49098B90
                                                                                                                                                                              Function 0083FAA0 Relevance: .1, Instructions: 132COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 8d0352b129caadbded09085a716b5fd023f191dae475f4e8d734b7221ad3859f
                                                                                                                                                                              • Instruction ID: 7654d155429dc0136fc0e024ee730f1f66c9da5d5c137000fec186c787ef431d
                                                                                                                                                                              • Opcode Fuzzy Hash: 8d0352b129caadbded09085a716b5fd023f191dae475f4e8d734b7221ad3859f
                                                                                                                                                                              • Instruction Fuzzy Hash: 9741E777E442198BCB008A7CC8957EE7BE2F795334F15032AD920973E1D63B590A8BD0
                                                                                                                                                                              Function 0083EC40 Relevance: .1, Instructions: 132COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 2109434ba2555fe5af85d174028c7282a1f74ad8db3d66d3b3c7f05c89e76eeb
                                                                                                                                                                              • Instruction ID: 4b6cccff39590e26d723575c5de7ebbe3acfc550df9c8b012d52ae5854f53459
                                                                                                                                                                              • Opcode Fuzzy Hash: 2109434ba2555fe5af85d174028c7282a1f74ad8db3d66d3b3c7f05c89e76eeb
                                                                                                                                                                              • Instruction Fuzzy Hash: 62411376A441198FCF008A7CC8913EF7BB2F789731F25461AD821E73E1C66B590A9BD0
                                                                                                                                                                              Function 0085B490 Relevance: .1, Instructions: 128COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 1f780942fd92aaf0f1c8594c98c06ed4bd00c68cfe8f6630462cbf27da0726fe
                                                                                                                                                                              • Instruction ID: b657706fd107099c0c3124c1e30f29dad3ad39948bc25f478433f86081ee4d44
                                                                                                                                                                              • Opcode Fuzzy Hash: 1f780942fd92aaf0f1c8594c98c06ed4bd00c68cfe8f6630462cbf27da0726fe
                                                                                                                                                                              • Instruction Fuzzy Hash: 9D412432A411098FDF008E7CC8957EF77E2F7A5325F254215C8209B3D1EA2A450D8F50
                                                                                                                                                                              Function 008C9C7E Relevance: 12.2, APIs: 8, Instructions: 248COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: __freea$__alloca_probe_16$Info
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 127012223-0
                                                                                                                                                                              • Opcode ID: 61067029f0caba08f4e699d6b942c829ed994950fabcab87d911e11f300951f5
                                                                                                                                                                              • Instruction ID: 8b78625ebc78c30d20c308c314d5122898f2fa411f238b47eb133093d70e4fee
                                                                                                                                                                              • Opcode Fuzzy Hash: 61067029f0caba08f4e699d6b942c829ed994950fabcab87d911e11f300951f5
                                                                                                                                                                              • Instruction Fuzzy Hash: 5971B0729002099BDF209E68CC8AFEE77B9FF55710F2800DDE985E7281EA75DC4087A1
                                                                                                                                                                              Function 008BF995 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 74COMMONLIBRARYCODE
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              APIs
                                                                                                                                                                              • FreeLibrary.KERNEL32(00000000,?,008BFAA4,008B7CCC,?,00000000,?,?,?,008BF856,00000022,FlsSetValue,008CDBB8,008CDBC0,?), ref: 008BFA56
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: FreeLibrary
                                                                                                                                                                              • String ID: api-ms-$ext-ms-
                                                                                                                                                                              • API String ID: 3664257935-537541572
                                                                                                                                                                              • Opcode ID: 3a8b346946e5b160d72a56f223b17a5124e1a14645ad517b90f6f13a2b54c8ef
                                                                                                                                                                              • Instruction ID: a331db2bafdaed0e39bdb2ad848b0b9d6d06d9dfd88411afa6e58e1792e75fca
                                                                                                                                                                              • Opcode Fuzzy Hash: 3a8b346946e5b160d72a56f223b17a5124e1a14645ad517b90f6f13a2b54c8ef
                                                                                                                                                                              • Instruction Fuzzy Hash: 5A210871A01221A7C7259B249C41F9A7B68FF41378F201331EA09E73C2D770EE01C6D1
                                                                                                                                                                              Function 008C3998 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 79COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              Strings
                                                                                                                                                                              • C:\Users\user\Desktop\4hQFnbWlj8.exe, xrefs: 008C39B4
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: C:\Users\user\Desktop\4hQFnbWlj8.exe
                                                                                                                                                                              • API String ID: 0-547016974
                                                                                                                                                                              • Opcode ID: 0b19cd5e74bb05b9b6080d299155e282362517076bd4c2d93979efc76a738633
                                                                                                                                                                              • Instruction ID: 0a056184f9838145fa94af1359ffd29a3e17ea351322cd006cdcc8da4f48938d
                                                                                                                                                                              • Opcode Fuzzy Hash: 0b19cd5e74bb05b9b6080d299155e282362517076bd4c2d93979efc76a738633
                                                                                                                                                                              • Instruction Fuzzy Hash: 4821CF31200A15AF8B20EF64C881F6ABBBAFF02364710C51DF955D7161DB71EE12C791
                                                                                                                                                                              Function 008BD05E Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 42libraryloaderCOMMONLIBRARYCODE
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,E2BBFDD5,?,?,00000000,008CB8A7,000000FF,?,008BD11F,008BD006,?,008BD1BB,00000000), ref: 008BD093
                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 008BD0A5
                                                                                                                                                                              • FreeLibrary.KERNEL32(00000000,?,?,00000000,008CB8A7,000000FF,?,008BD11F,008BD006,?,008BD1BB,00000000), ref: 008BD0C7
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                              • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                              • API String ID: 4061214504-1276376045
                                                                                                                                                                              • Opcode ID: 894d6b9e065df2b4319a6840f55fc27e17d3cd9c3a0138aa07f22b74b2b1c6dc
                                                                                                                                                                              • Instruction ID: 99e737812de213ecd1017d0487396961e555936da06af87bc13736e5f16f81ac
                                                                                                                                                                              • Opcode Fuzzy Hash: 894d6b9e065df2b4319a6840f55fc27e17d3cd9c3a0138aa07f22b74b2b1c6dc
                                                                                                                                                                              • Instruction Fuzzy Hash: FB016731914A59BFDB119F50DC05FAEBBB9FB04711F044626EC21E27D0D7B49901CA51
                                                                                                                                                                              Function 008BF179 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 113COMMONLIBRARYCODE
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              APIs
                                                                                                                                                                              • EncodePointer.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,?,008BF07F,?,?,00000000,00000000,00000000,?), ref: 008BF19E
                                                                                                                                                                              • CatchIt.LIBVCRUNTIME ref: 008BF284
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CatchEncodePointer
                                                                                                                                                                              • String ID: MOC$RCC
                                                                                                                                                                              • API String ID: 1435073870-2084237596
                                                                                                                                                                              • Opcode ID: 1506b143d44bc49c90966fab74a3abc51abc4110b17e2039be08560cc846de27
                                                                                                                                                                              • Instruction ID: df342ac217fb8c189b002cffce8e9e3381c7da3eba262b5cdc02b2096000a0e8
                                                                                                                                                                              • Opcode Fuzzy Hash: 1506b143d44bc49c90966fab74a3abc51abc4110b17e2039be08560cc846de27
                                                                                                                                                                              • Instruction Fuzzy Hash: 31414875900209EFCF16DF98CD81AEEBBB5FF48304F184169FA14A7222D3359A60DB51
                                                                                                                                                                              Function 008C4BE3 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 27libraryCOMMONLIBRARYCODE
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              APIs
                                                                                                                                                                              • LoadLibraryExW.KERNEL32(00000008,00000000,00000800,?,008C4C7F,?,00000000,?,?,?,?,008C4AC7,00000000,FlsAlloc,008CE4F0,008CE4F8), ref: 008C4BF0
                                                                                                                                                                              • GetLastError.KERNEL32(?,008C4C7F,?,00000000,?,?,?,?,008C4AC7,00000000,FlsAlloc,008CE4F0,008CE4F8,?,?,008BE4D1), ref: 008C4BFA
                                                                                                                                                                              • LoadLibraryExW.KERNEL32(00000008,00000000,00000000,008D4C88,00000008,008522B7,E49EE01E), ref: 008C4C22
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: LibraryLoad$ErrorLast
                                                                                                                                                                              • String ID: api-ms-
                                                                                                                                                                              • API String ID: 3177248105-2084034818
                                                                                                                                                                              • Opcode ID: 79a73a9eaba9c832c1acdaa9d2e4d78a12f2a6a03bb3cb28e81a75e992808f37
                                                                                                                                                                              • Instruction ID: cb1cc4c28f9c61aca44ecab9aeed548b94c027d453f9bf68c72518facfccabdc
                                                                                                                                                                              • Opcode Fuzzy Hash: 79a73a9eaba9c832c1acdaa9d2e4d78a12f2a6a03bb3cb28e81a75e992808f37
                                                                                                                                                                              • Instruction Fuzzy Hash: 71E01A70681204B6EA201F60ED0AF197F69FB10B52F100635F90DE84E1E7F2EA908986
                                                                                                                                                                              Function 008BEB7D Relevance: 6.2, APIs: 4, Instructions: 168COMMONLIBRARYCODE
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: AdjustPointer
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1740715915-0
                                                                                                                                                                              • Opcode ID: 5d1d9ce7d348f0c465e236f58cbacacb16c302680c0288aeec787dcae34e9211
                                                                                                                                                                              • Instruction ID: aacf5cbd9b7094f18c1e46a036198cf37068ade0a2544977c2cf799ba26fdc16
                                                                                                                                                                              • Opcode Fuzzy Hash: 5d1d9ce7d348f0c465e236f58cbacacb16c302680c0288aeec787dcae34e9211
                                                                                                                                                                              • Instruction Fuzzy Hash: 7051037261460AAFDB288F28C851BFABBA5FF00310F14452DE902D7391E731ED81CB91
                                                                                                                                                                              Function 008C33FC Relevance: 6.1, APIs: 4, Instructions: 82COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 008C4053: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,008C5048,?,00000000,-00000008), ref: 008C40B4
                                                                                                                                                                              • GetLastError.KERNEL32 ref: 008C3460
                                                                                                                                                                              • __dosmaperr.LIBCMT ref: 008C3467
                                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,?), ref: 008C34A1
                                                                                                                                                                              • __dosmaperr.LIBCMT ref: 008C34A8
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ErrorLast__dosmaperr$ByteCharMultiWide
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1913693674-0
                                                                                                                                                                              • Opcode ID: 46072a29462059fd0d2025ea7ad5dea7df14ab83ba4044646adfaf3fa420edbf
                                                                                                                                                                              • Instruction ID: ea1ce249e34f56c21315f0624bb3699bc705a939b810513e43a6ef52e5c5d4dd
                                                                                                                                                                              • Opcode Fuzzy Hash: 46072a29462059fd0d2025ea7ad5dea7df14ab83ba4044646adfaf3fa420edbf
                                                                                                                                                                              • Instruction Fuzzy Hash: 5921F231200609BF8B26AF6ADC80E2BB7B9FF11368710C52DF815D7241D734EE428B95
                                                                                                                                                                              Function 008C414F Relevance: 6.1, APIs: 4, Instructions: 74COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetEnvironmentStringsW.KERNEL32 ref: 008C4157
                                                                                                                                                                                • Part of subcall function 008C4053: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,008C5048,?,00000000,-00000008), ref: 008C40B4
                                                                                                                                                                              • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 008C418F
                                                                                                                                                                              • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 008C41AF
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: EnvironmentStrings$Free$ByteCharMultiWide
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 158306478-0
                                                                                                                                                                              • Opcode ID: 90ae4f4ed1a3d20ca04cb5f28058aa4d7c725afd3528e0749ee2df07d5bb6a81
                                                                                                                                                                              • Instruction ID: 278f0791688ad5b77e60bf380167076f2ffdf8b5d268e6f4c36ac9b156e655fc
                                                                                                                                                                              • Opcode Fuzzy Hash: 90ae4f4ed1a3d20ca04cb5f28058aa4d7c725afd3528e0749ee2df07d5bb6a81
                                                                                                                                                                              • Instruction Fuzzy Hash: 7E11A1A9901619BFA71127795CDEEAF3E7CFE693D8718111FF941D1101EA30CE8045B2
                                                                                                                                                                              Function 008B7DF7 Relevance: 6.0, APIs: 4, Instructions: 25COMMONLIBRARYCODE
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              APIs
                                                                                                                                                                              • SleepConditionVariableCS.KERNEL32(?,008B7D80,00000064,?,008838B1), ref: 008B7E1A
                                                                                                                                                                              • LeaveCriticalSection.KERNEL32(008D981C,?,?,008B7D80,00000064,?,008838B1), ref: 008B7E24
                                                                                                                                                                              • WaitForSingleObjectEx.KERNEL32(?,00000000,?,008B7D80,00000064,?,008838B1), ref: 008B7E35
                                                                                                                                                                              • EnterCriticalSection.KERNEL32(008D981C,?,008B7D80,00000064,?,008838B1), ref: 008B7E3C
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CriticalSection$ConditionEnterLeaveObjectSingleSleepVariableWait
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3269011525-0
                                                                                                                                                                              • Opcode ID: 8959c1b4e53f3d632fd44f77669ce33368788864dd3ba8b8775043f53cc8de4c
                                                                                                                                                                              • Instruction ID: d991e8ca6e1eefbb0bb5c54cb76c548e592d5ad84c4c84f460863dac4d271fbc
                                                                                                                                                                              • Opcode Fuzzy Hash: 8959c1b4e53f3d632fd44f77669ce33368788864dd3ba8b8775043f53cc8de4c
                                                                                                                                                                              • Instruction Fuzzy Hash: 19E09231612228BFCB012B50FC09ACE3F19FF06F51B004233F949E636597614D00ABD1
                                                                                                                                                                              Function 00841DC0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100COMMON
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              APIs
                                                                                                                                                                              • std::_Xinvalid_argument.LIBCPMT ref: 00841EB0
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Xinvalid_argumentstd::_
                                                                                                                                                                              • String ID: string too long
                                                                                                                                                                              • API String ID: 909987262-2556327735
                                                                                                                                                                              • Opcode ID: 759e5c933779e0c585f20b69ac2122bed79eca76bd23131382ec727cb3593651
                                                                                                                                                                              • Instruction ID: ccb6c93bd55a7a12c956f5232514591f9e45dc50340667bb834049ada2e59c87
                                                                                                                                                                              • Opcode Fuzzy Hash: 759e5c933779e0c585f20b69ac2122bed79eca76bd23131382ec727cb3593651
                                                                                                                                                                              • Instruction Fuzzy Hash: 7B316D3AA41509CFDF048B7CC4993EEBFB6F781314F25461AC981D73A1DA364D489B41
                                                                                                                                                                              Function 008BE9ED Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 93COMMONLIBRARYCODE
                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                              APIs
                                                                                                                                                                              • ___except_validate_context_record.LIBVCRUNTIME ref: 008BE9F6
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1728337437.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1728289129.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728430092.00000000008CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728447635.00000000008D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728467236.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728485520.00000000008DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.1728511116.00000000008E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_830000_4hQFnbWlj8.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ___except_validate_context_record
                                                                                                                                                                              • String ID: csm$csm
                                                                                                                                                                              • API String ID: 3493665558-3733052814
                                                                                                                                                                              • Opcode ID: 6b67616b2b18e26c27a224505904afcaa23f552d75aef52ec1636ca03e6bb892
                                                                                                                                                                              • Instruction ID: b8aad9c1da6bd08f9cfb29676e278123644c8c12fc790f2ac2a256670e203f12
                                                                                                                                                                              • Opcode Fuzzy Hash: 6b67616b2b18e26c27a224505904afcaa23f552d75aef52ec1636ca03e6bb892
                                                                                                                                                                              • Instruction Fuzzy Hash: 67319332400229DFCF269F54CC449EE7B69FF29319B18965AF85489361C332DDA1DB82