
Windows Analysis Report
nogtpjadthaw.exe

Overview

General Information

Sample name: nogtpjadthaw.exe
Analysis ID: 1635475
MD5: 2e070594f72d17abe15d822aca9f7d40
SHA1: 4d9ed6638bcf8749e2de2a42f379c81781e63e77
SHA256: f4aa315f8ff0c107dce56c88112e061f4e6260682eaf0ffc42a5bcf0d5fd6b8d
Tags: exe, LummaStealer, user-aachum

Detection

LummaC Stealer
Score: 100
Range: 0 - 100
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Detected unpacking (changes PE section rights)
Found malware configuration
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
C2 URLs / IPs found in malware configuration
Hides threads from debuggers
Joe Sandbox ML detected suspicious sample
PE file has nameless sections
Sample uses string decryption to hide its real strings
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to communicate with device drivers
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Detected non-DNS traffic on DNS port
Detected potential crypto function
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

Classification chart (image): categories Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner; scale clean / suspicious / malicious
  • System is w10x64
  • nogtpjadthaw.exe (PID: 7256 cmdline: "C:\Users\user\Desktop\nogtpjadthaw.exe" MD5: 2E070594F72D17ABE15D822ACA9F7D40)
  • cleanup
{
  "C2 url": [
    "techvkortex.bet",
    "explorebieology.run",
    "gadgethgfub.icu",
    "moderzysics.top",
    "techmindzs.live",
    "codxefusion.top",
    "phygcsforum.life",
    "techspherxe.top"
  ],
  "Build id": "yau6Na--7400515879"
}
Yara matches (Source | Rule | Description | Author):
00000000.00000002.1305208044.0000000000791000.00000040.00000001.01000000.00000003.sdmp | JoeSecurity_LummaCStealer_4 | Yara detected LummaC Stealer | Joe Security
0.2.nogtpjadthaw.exe.790000.0.unpack | JoeSecurity_LummaCStealer_4 | Yara detected LummaC Stealer | Joe Security

No Sigma rule has matched
Suricata IDS alerts (Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol):
2025-03-11T17:45:12.974708+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.11 | 49705 | 172.67.189.66 | 443 | TCP
2025-03-11T17:45:20.249893+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.11 | 49708 | 172.67.212.102 | 443 | TCP
2025-03-11T17:45:27.325064+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.11 | 49713 | 172.67.214.226 | 443 | TCP
2025-03-11T17:45:32.444264+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.11 | 49720 | 23.197.127.21 | 443 | TCP
2025-03-11T17:45:20.249893+0100 | 2060531 | 1 | Domain Observed Used for C2 Detected | 192.168.2.11 | 49708 | 172.67.212.102 | 443 | TCP
2025-03-11T17:45:23.424801+0100 | 2060531 | 1 | Domain Observed Used for C2 Detected | 192.168.2.11 | 49709 | 172.67.212.102 | 443 | TCP
2025-03-11T17:45:12.974708+0100 | 2060553 | 1 | Domain Observed Used for C2 Detected | 192.168.2.11 | 49705 | 172.67.189.66 | 443 | TCP
2025-03-11T17:45:16.200011+0100 | 2060553 | 1 | Domain Observed Used for C2 Detected | 192.168.2.11 | 49706 | 172.67.189.66 | 443 | TCP
2025-03-11T17:45:27.325064+0100 | 2060570 | 1 | Domain Observed Used for C2 Detected | 192.168.2.11 | 49713 | 172.67.214.226 | 443 | TCP
2025-03-11T17:45:30.519445+0100 | 2060570 | 1 | Domain Observed Used for C2 Detected | 192.168.2.11 | 49716 | 172.67.214.226 | 443 | TCP
2025-03-11T17:45:16.217185+0100 | 2060530 | 1 | Domain Observed Used for C2 Detected | 192.168.2.11 | 51181 | 1.1.1.1 | 53 | UDP
2025-03-11T17:45:30.525377+0100 | 2060412 | 1 | Domain Observed Used for C2 Detected | 192.168.2.11 | 55320 | 1.1.1.1 | 53 | UDP
2025-03-11T17:45:09.100686+0100 | 2060536 | 1 | Domain Observed Used for C2 Detected | 192.168.2.11 | 60211 | 1.1.1.1 | 53 | UDP
2025-03-11T17:45:09.111047+0100 | 2060538 | 1 | Domain Observed Used for C2 Detected | 192.168.2.11 | 52188 | 1.1.1.1 | 53 | UDP
2025-03-11T17:45:09.123970+0100 | 2060551 | 1 | Domain Observed Used for C2 Detected | 192.168.2.11 | 64439 | 1.1.1.1 | 53 | UDP
2025-03-11T17:45:23.579968+0100 | 2060554 | 1 | Domain Observed Used for C2 Detected | 192.168.2.11 | 49398 | 1.1.1.1 | 53 | UDP
2025-03-11T17:45:16.204521+0100 | 2060565 | 1 | Domain Observed Used for C2 Detected | 192.168.2.11 | 51654 | 1.1.1.1 | 53 | UDP
2025-03-11T17:45:23.620425+0100 | 2060568 | 1 | Domain Observed Used for C2 Detected | 192.168.2.11 | 61075 | 1.1.1.1 | 53 | UDP

AV Detection

Source: nogtpjadthaw.exe | Avira: detected
Source: https://phygcsforum.life:443/api | Avira URL Cloud: Label: malware
Source: https://moderzysics.top:443/api | Avira URL Cloud: Label: malware
Source: https://earthsymphzony.today:443/api | Avira URL Cloud: Label: malware
Source: https://techmindzs.live:443/api | Avira URL Cloud: Label: malware
Source: techvkortex.bet | Avira URL Cloud: Label: malware
Source: https://techspherxe.top:443/apiv0?a | Avira URL Cloud: Label: malware
Source: https://codxefusion.top:443/api | Avira URL Cloud: Label: malware
Source: 00000000.00000002.1305208044.0000000000791000.00000040.00000001.01000000.00000003.sdmp | Malware Configuration Extractor: LummaC {"C2 url": ["techvkortex.bet", "explorebieology.run", "gadgethgfub.icu", "moderzysics.top", "techmindzs.live", "codxefusion.top", "phygcsforum.life", "techspherxe.top"], "Build id": "yau6Na--7400515879"}
Source: nogtpjadthaw.exe | Virustotal: Detection: 75%
Source: nogtpjadthaw.exe | ReversingLabs: Detection: 89%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
Source: 00000000.00000002.1305208044.0000000000791000.00000040.00000001.01000000.00000003.sdmp | String decryptor: techvkortex.bet
Source: 00000000.00000002.1305208044.0000000000791000.00000040.00000001.01000000.00000003.sdmp | String decryptor: explorebieology.run
Source: 00000000.00000002.1305208044.0000000000791000.00000040.00000001.01000000.00000003.sdmp | String decryptor: gadgethgfub.icu
Source: 00000000.00000002.1305208044.0000000000791000.00000040.00000001.01000000.00000003.sdmp | String decryptor: moderzysics.top
Source: 00000000.00000002.1305208044.0000000000791000.00000040.00000001.01000000.00000003.sdmp | String decryptor: techmindzs.live
Source: 00000000.00000002.1305208044.0000000000791000.00000040.00000001.01000000.00000003.sdmp | String decryptor: codxefusion.top
Source: 00000000.00000002.1305208044.0000000000791000.00000040.00000001.01000000.00000003.sdmp | String decryptor: phygcsforum.life
Source: 00000000.00000002.1305208044.0000000000791000.00000040.00000001.01000000.00000003.sdmp | String decryptor: techspherxe.top
Source: nogtpjadthaw.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: unknown | HTTPS traffic detected: 23.197.127.21:443 -> 192.168.2.11:49720 version: TLS 1.2
Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Code function: 0_2_00822490 FindFirstFileW | 0_2_00822490
Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Code function: 4x nop then cmp dword ptr [edx+ebx*8], 744E5843h | 0_2_007DA050
Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Code function: 4x nop then add eax, dword ptr [esp+ecx*4+24h] | 0_2_0079A2B0
Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Code function: 4x nop then movzx ecx, word ptr [edi+esi*4] | 0_2_0079A2B0
Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Code function: 4x nop then movzx edi, byte ptr [ecx+esi] | 0_2_00792800
Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Code function: 4x nop then movsx ecx, byte ptr [esi+eax] | 0_2_007AB3A0
Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Code function: 4x nop then mov eax, ebx | 0_2_007B5800
Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Code function: 4x nop then movzx edx, byte ptr [esp+eax+2D625574h] | 0_2_007B3B00
Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Code function: 4x nop then movzx edx, byte ptr [esp+ecx+50h] | 0_2_007D5ED0

Networking

Source: Network traffic | Suricata IDS: 2060565 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (techmindzs .live) : 192.168.2.11:51654 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2060538 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (gadgethgfub .icu) : 192.168.2.11:52188 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2060553 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (moderzysics .top in TLS SNI) : 192.168.2.11:49705 -> 172.67.189.66:443
Source: Network traffic | Suricata IDS: 2060554 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (phygcsforum .life) : 192.168.2.11:49398 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2060551 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (moderzysics .top) : 192.168.2.11:64439 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2060568 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (techspherxe .top) : 192.168.2.11:61075 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2060553 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (moderzysics .top in TLS SNI) : 192.168.2.11:49706 -> 172.67.189.66:443
Source: Network traffic | Suricata IDS: 2060536 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (explorebieology .run) : 192.168.2.11:60211 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2060531 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (codxefusion .top in TLS SNI) : 192.168.2.11:49709 -> 172.67.212.102:443
Source: Network traffic | Suricata IDS: 2060530 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (codxefusion .top) : 192.168.2.11:51181 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2060531 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (codxefusion .top in TLS SNI) : 192.168.2.11:49708 -> 172.67.212.102:443
Source: Network traffic | Suricata IDS: 2060412 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (earthsymphzony .today) : 192.168.2.11:55320 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2060570 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (techspherxe .top in TLS SNI) : 192.168.2.11:49713 -> 172.67.214.226:443
Source: Network traffic | Suricata IDS: 2060570 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (techspherxe .top in TLS SNI) : 192.168.2.11:49716 -> 172.67.214.226:443
Source: Malware configuration extractor | URLs: techvkortex.bet
Source: Malware configuration extractor | URLs: explorebieology.run
Source: Malware configuration extractor | URLs: gadgethgfub.icu
Source: Malware configuration extractor | URLs: moderzysics.top
Source: Malware configuration extractor | URLs: techmindzs.live
Source: Malware configuration extractor | URLs: codxefusion.top
Source: Malware configuration extractor | URLs: phygcsforum.life
Source: Malware configuration extractor | URLs: techspherxe.top
Source: global traffic | TCP traffic: 192.168.2.11:53668 -> 162.159.36.2:53
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.11:49705 -> 172.67.189.66:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.11:49713 -> 172.67.214.226:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.11:49720 -> 23.197.127.21:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.11:49708 -> 172.67.212.102:443
Source: global traffic | HTTP traffic detected:
GET /profiles/76561199822375128 HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Host: steamcommunity.com
Source: unknown | TCP traffic detected without corresponding DNS query: 162.159.36.2 (4 occurrences)
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 (10 occurrences)
Source: global traffic | DNS traffic detected: DNS query: techvkortex.bet
Source: global traffic | DNS traffic detected: DNS query: explorebieology.run
Source: global traffic | DNS traffic detected: DNS query: gadgethgfub.icu
Source: global traffic | DNS traffic detected: DNS query: moderzysics.top
Source: global traffic | DNS traffic detected: DNS query: techmindzs.live
Source: global traffic | DNS traffic detected: DNS query: codxefusion.top
Source: global traffic | DNS traffic detected: DNS query: phygcsforum.life
Source: global traffic | DNS traffic detected: DNS query: techspherxe.top
Source: global traffic | DNS traffic detected: DNS query: earthsymphzony.today
Source: global traffic | DNS traffic detected: DNS query: steamcommunity.com
Source: nogtpjadthaw.exe, 00000000.00000002.1305990331.00000000011C1000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000002.1306188919.00000000011FE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://127.0.0.1:27060
Source: nogtpjadthaw.exe, 00000000.00000003.1304809247.0000000001236000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000002.1306231967.000000000124E000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000003.1304809247.000000000123C000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000003.1304848712.00000000011A4000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
Source: nogtpjadthaw.exe, 00000000.00000003.1304809247.0000000001236000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000002.1306231967.000000000124E000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000003.1304809247.000000000123C000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000003.1304848712.00000000011A4000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://store.steampowered.com/privacy_agreement/
Source: nogtpjadthaw.exe, 00000000.00000003.1304809247.0000000001236000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000002.1306231967.000000000124E000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000003.1304809247.000000000123C000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000003.1304848712.00000000011A4000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://store.steampowered.com/subscriber_agreement/
Source: nogtpjadthaw.exe, 00000000.00000002.1305208044.00000000007F1000.00000040.00000001.01000000.00000003.sdmp, nogtpjadthaw.exe, 00000000.00000002.1305208044.0000000000956000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: http://www.enigmaprotector.com/
Source: nogtpjadthaw.exe, 00000000.00000002.1305208044.00000000007F1000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: http://www.enigmaprotector.com/openU
Source: nogtpjadthaw.exe, 00000000.00000003.1304809247.000000000123C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://www.valvesoftware.com/legal.htm
Source: nogtpjadthaw.exe, 00000000.00000002.1306188919.00000000011FE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://api.steampowered.com/
Source: nogtpjadthaw.exe, 00000000.00000003.1304809247.000000000123C000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000003.1304848712.00000000011A4000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://avatars.fastly.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg
Source: nogtpjadthaw.exe, 00000000.00000002.1305990331.00000000011C1000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000002.1306188919.00000000011FE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://broadcast.st.dl.eccdnx.com
Source: nogtpjadthaw.exe, 00000000.00000002.1305990331.00000000011C1000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000002.1306188919.00000000011FE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/
Source: nogtpjadthaw.exe, 00000000.00000002.1306188919.00000000011FE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://checkout.steampowered.com/
Source: nogtpjadthaw.exe, 00000000.00000002.1305990331.00000000011AC000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000003.1304848712.00000000011AC000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://codxefusion.top:443/api
Source: nogtpjadthaw.exe, 00000000.00000003.1304809247.0000000001236000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fa
Source: nogtpjadthaw.exe, 00000000.00000003.1304809247.000000000123C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.stea
Source: nogtpjadthaw.exe, 00000000.00000002.1306188919.00000000011FE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/
Source: nogtpjadthaw.exe, 00000000.00000003.1304809247.0000000001236000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000003.1304809247.000000000123C000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000003.1304848712.00000000011A4000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/css/applications/community/main.css?v=Gzg8NS4HKwGo&a
Source: nogtpjadthaw.exe, 00000000.00000003.1304809247.0000000001236000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000003.1304809247.000000000123C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/css/globalv2.css?v=GlKQ1cghJWE2&l=english&_c
Source: nogtpjadthaw.exe, 00000000.00000003.1304809247.0000000001236000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000003.1304809247.000000000123C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/css/promo/summer2017/stickers.css?v=Ncr6N09yZIap&amp
Source: nogtpjadthaw.exe, 00000000.00000003.1304809247.0000000001236000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000003.1304809247.000000000123C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/header.css?v=EM4kCu67DNda&l=english&a
Source: nogtpjadthaw.exe, 00000000.00000003.1304809247.0000000001236000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000003.1304809247.000000000123C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/modalContent.css?v=WXAusLHclDIt&l=eng
Source: nogtpjadthaw.exe, 00000000.00000003.1304809247.0000000001236000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000003.1304809247.000000000123C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/profilev2.css?v=fe66ET2uI50l&l=englis
Source: nogtpjadthaw.exe, 00000000.00000003.1304809247.0000000001236000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000003.1304809247.000000000123C000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000003.1304848712.00000000011A4000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
Source: nogtpjadthaw.exe, 00000000.00000003.1304809247.0000000001236000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000003.1304809247.000000000123C000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000003.1304848712.00000000011A4000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
Source: nogtpjadthaw.exe, 00000000.00000003.1304809247.0000000001236000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000003.1304809247.000000000123C000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000003.1304848712.00000000011A4000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6
Source: nogtpjadthaw.exe, 00000000.00000003.1304809247.0000000001236000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000003.1304809247.000000000123C000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000003.1304848712.00000000011A4000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/main.js?v=1VeaVEsE
Source: nogtpjadthaw.exe, 00000000.00000003.1304809247.0000000001236000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000003.1304809247.000000000123C000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000003.1304848712.00000000011A4000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/manifest.js?v=Bdoh
Source: nogtpjadthaw.exe, 00000000.00000003.1304809247.0000000001236000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000003.1304809247.000000000123C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/global.js?v=cMt-H-zOgNUp&l=english&am
Source: nogtpjadthaw.exe, 00000000.00000003.1304809247.0000000001236000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000003.1304809247.000000000123C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=gQHVlrK4-jX-&l
Source: nogtpjadthaw.exe, 00000000.00000003.1304809247.0000000001236000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000003.1304809247.000000000123C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/modalContent.js?v=uqf5ttWTRe7l&l=engl
Source: nogtpjadthaw.exe, 00000000.00000003.1304809247.0000000001236000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000003.1304809247.000000000123C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/modalv2.js?v=zBXEuexVQ0FZ&l=english&a
Source: nogtpjadthaw.exe, 00000000.00000003.1304809247.0000000001236000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000003.1304809247.000000000123C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/profile.js?v=GeQ6v03mWpAc&l=english&a
Source: nogtpjadthaw.exe, 00000000.00000003.1304809247.000000000123C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/promo/stickers.js?v=CcLRHsa04otQ&l=en
Source: nogtpjadthaw.exe, 00000000.00000003.1304809247.0000000001236000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000003.1304809247.000000000123C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&l=eng
Source: nogtpjadthaw.exe, 00000000.00000003.1304809247.000000000123C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/reportedcontent.js?v=-lZqrarogJr8&l=e
Source: nogtpjadthaw.exe, 00000000.00000003.1304809247.0000000001236000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000003.1304809247.000000000123C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcDIgbC
Source: nogtpjadthaw.exe, 00000000.00000003.1304809247.000000000123C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/webui/clientcom.js?v=LrC2xWhJTNZp&l=e
Source: nogtpjadthaw.exe, 00000000.00000003.1304809247.0000000001236000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000003.1304809247.000000000123C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/buttons.css?v=qhQgyjWi6LgJ&l=english&
      Source: nogtpjadthaw.exe, 00000000.00000003.1304809247.000000000123C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/motiva_sans.css?v=-yZgCk0Nu7kH&l=engl
      Source: nogtpjadthaw.exe, 00000000.00000003.1304809247.0000000001236000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000003.1304809247.000000000123C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_global.css?v=Eq36AUaEgab8&l=en
      Source: nogtpjadthaw.exe, 00000000.00000003.1304809247.0000000001236000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000003.1304809247.000000000123C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_responsive.css?v=JL1e4uQSrVGe&
      Source: nogtpjadthaw.exe, 00000000.00000003.1304809247.000000000123C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
      Source: nogtpjadthaw.exe, 00000000.00000003.1304809247.000000000123C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_logo.png
      Source: nogtpjadthaw.exe, 00000000.00000003.1304809247.000000000123C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
      Source: nogtpjadthaw.exe, 00000000.00000003.1304809247.000000000123C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
      Source: nogtpjadthaw.exe, 00000000.00000003.1304809247.0000000001236000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000003.1304809247.000000000123C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/auth_refresh.js?v=w6QbwI-5-j2S&amp
      Source: nogtpjadthaw.exe, 00000000.00000003.1304809247.0000000001236000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000003.1304809247.000000000123C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_global.js?v=PCCoCNLxwF4M&am
      Source: nogtpjadthaw.exe, 00000000.00000003.1304809247.000000000123C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=tvQ
      Source: nogtpjadthaw.exe, 00000000.00000003.1304809247.0000000001236000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000003.1304809247.000000000123C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&l=en
      Source: nogtpjadthaw.exe, 00000000.00000002.1305990331.00000000011AC000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000003.1304848712.00000000011AC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://earthsymphzony.today:443/api
      Source: nogtpjadthaw.exe, 00000000.00000002.1305990331.00000000011AC000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000003.1304848712.00000000011AC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://explorebieology.run:443/api
      Source: nogtpjadthaw.exe, 00000000.00000002.1306188919.00000000011FE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/
      Source: nogtpjadthaw.exe, 00000000.00000003.1304809247.000000000123C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/en/
      Source: nogtpjadthaw.exe, 00000000.00000002.1306188919.00000000011FE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.steampowered.com/
      Source: nogtpjadthaw.exe, 00000000.00000002.1305990331.00000000011C1000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000002.1306188919.00000000011FE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lv.queniujq.cn
      Source: nogtpjadthaw.exe, 00000000.00000002.1305990331.00000000011C1000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000002.1306188919.00000000011FE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://medal.tv
      Source: nogtpjadthaw.exe, 00000000.00000002.1305990331.00000000011AC000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000003.1304848712.00000000011AC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://moderzysics.top:443/api
      Source: nogtpjadthaw.exe, 00000000.00000002.1305990331.00000000011AC000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000003.1304848712.00000000011AC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://phygcsforum.life:443/api
      Source: nogtpjadthaw.exe, 00000000.00000002.1305990331.00000000011C1000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000002.1306188919.00000000011FE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://player.vimeo.com
      Source: nogtpjadthaw.exe, 00000000.00000002.1305990331.00000000011C1000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000002.1306188919.00000000011FE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net
      Source: nogtpjadthaw.exe, 00000000.00000002.1305990331.00000000011C1000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000002.1306188919.00000000011FE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net/recaptcha/;
      Source: nogtpjadthaw.exe, 00000000.00000002.1305990331.00000000011C1000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000002.1306188919.00000000011FE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://s.ytimg.com;
      Source: nogtpjadthaw.exe, 00000000.00000002.1305990331.00000000011C1000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000002.1306188919.00000000011FE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sketchfab.com
      Source: nogtpjadthaw.exe, 00000000.00000002.1305990331.00000000011C1000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000002.1306188919.00000000011FE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steam.tv/
      Source: nogtpjadthaw.exe, 00000000.00000002.1305990331.00000000011C1000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000002.1306188919.00000000011FE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast-test.akamaized.net
      Source: nogtpjadthaw.exe, 00000000.00000002.1305990331.00000000011C1000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000002.1306188919.00000000011FE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast.akamaized.net
      Source: nogtpjadthaw.exe, 00000000.00000002.1305990331.00000000011C1000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000002.1306188919.00000000011FE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcastchat.akamaized.net
      Source: nogtpjadthaw.exe, 00000000.00000002.1305990331.00000000011C1000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000002.1306188919.00000000011FE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/
      Source: nogtpjadthaw.exe, 00000000.00000003.1304809247.000000000123C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
      Source: nogtpjadthaw.exe, 00000000.00000003.1304809247.000000000123C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/discussions/
      Source: nogtpjadthaw.exe, 00000000.00000003.1304809247.0000000001236000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000002.1306231967.000000000124E000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000003.1304809247.000000000123C000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000003.1304848712.00000000011A4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
      Source: nogtpjadthaw.exe, 00000000.00000003.1304809247.000000000123C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199822375128
      Source: nogtpjadthaw.exe, 00000000.00000003.1304809247.000000000123C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/market/
      Source: nogtpjadthaw.exe, 00000000.00000003.1304809247.000000000123C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/my/wishlist/
      Source: nogtpjadthaw.exe, 00000000.00000003.1304848712.00000000011C1000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000002.1305990331.00000000011C1000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000003.1304848712.00000000011A4000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000002.1305990331.00000000011A6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199822375128
      Source: nogtpjadthaw.exe, 00000000.00000003.1304809247.0000000001236000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000003.1304809247.000000000123C000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000003.1304848712.00000000011A4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199822375128/badges
      Source: nogtpjadthaw.exe, 00000000.00000003.1304809247.0000000001236000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000003.1304809247.000000000123C000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000003.1304848712.00000000011A4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199822375128/inventory/
      Source: nogtpjadthaw.exe, 00000000.00000003.1304809247.000000000123C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/workshop/
      Source: nogtpjadthaw.exe, 00000000.00000002.1305990331.00000000011AC000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000003.1304848712.00000000011AC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com:443/profiles/76561199822375128W0
      Source: nogtpjadthaw.exe, 00000000.00000002.1305990331.00000000011C1000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000002.1306188919.00000000011FE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamloopback.host
      Source: nogtpjadthaw.exe, 00000000.00000002.1306188919.00000000011FE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/
      Source: nogtpjadthaw.exe, 00000000.00000003.1304848712.00000000011C1000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000003.1305015715.00000000011FE000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000002.1305990331.00000000011C1000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000002.1306188919.00000000011FE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/;
      Source: nogtpjadthaw.exe, 00000000.00000003.1304848712.00000000011C1000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000002.1305990331.00000000011C1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/;X-Frame-OptionsSAMEORIGINPersistent-AuthWWW-AuthenticateVarysteamCou
      Source: nogtpjadthaw.exe, 00000000.00000003.1304809247.000000000123C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/about/
      Source: nogtpjadthaw.exe, 00000000.00000003.1304809247.000000000123C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/explore/
      Source: nogtpjadthaw.exe, 00000000.00000003.1304809247.0000000001236000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000002.1306231967.000000000124E000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000003.1304809247.000000000123C000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000003.1304848712.00000000011A4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/legal/
      Source: nogtpjadthaw.exe, 00000000.00000003.1304809247.000000000123C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/mobile
      Source: nogtpjadthaw.exe, 00000000.00000003.1304809247.000000000123C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/news/
      Source: nogtpjadthaw.exe, 00000000.00000003.1304809247.000000000123C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/points/shop/
      Source: nogtpjadthaw.exe, 00000000.00000003.1304809247.000000000123C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/privacy_agreement/
      Source: nogtpjadthaw.exe, 00000000.00000003.1304809247.000000000123C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/stats/
      Source: nogtpjadthaw.exe, 00000000.00000003.1304809247.000000000123C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/steam_refunds/
      Source: nogtpjadthaw.exe, 00000000.00000003.1304809247.000000000123C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/subscriber_agreement/
      Source: nogtpjadthaw.exe, 00000000.00000002.1305990331.00000000011AC000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000003.1304848712.00000000011AC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://techmindzs.live:443/api
      Source: nogtpjadthaw.exe, 00000000.00000002.1305990331.00000000011AC000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000003.1304848712.00000000011AC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://techspherxe.top:443/apiv0?a
      Source: nogtpjadthaw.exe, 00000000.00000002.1305990331.00000000011C1000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000002.1306188919.00000000011FE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
      Source: nogtpjadthaw.exe, 00000000.00000002.1306188919.00000000011FE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/recaptcha/
      Source: nogtpjadthaw.exe, 00000000.00000002.1305990331.00000000011C1000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000002.1306188919.00000000011FE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.cn/recaptcha/
      Source: nogtpjadthaw.exe, 00000000.00000002.1305990331.00000000011C1000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000002.1306188919.00000000011FE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/recaptcha/
      Source: nogtpjadthaw.exe, 00000000.00000003.1304809247.000000000123C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
      Source: nogtpjadthaw.exe, 00000000.00000002.1305990331.00000000011C1000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000002.1306188919.00000000011FE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com
      Source: nogtpjadthaw.exe, 00000000.00000002.1305990331.00000000011C1000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000002.1306188919.00000000011FE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/
      Source: unknownNetwork traffic detected: HTTP traffic on port 49708 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49709 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49710 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49710
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49720
      Source: unknownNetwork traffic detected: HTTP traffic on port 49706 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49707 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49705 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49720 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49709
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49708
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49719
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49707
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49706
      Source: unknownNetwork traffic detected: HTTP traffic on port 49713 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49716 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49705
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49716
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49713
      Source: unknownHTTPS traffic detected: 23.197.127.21:443 -> 192.168.2.11:49720 version: TLS 1.2

      System Summary

      Source: nogtpjadthaw.exe | Static PE information: section name:
      Source: nogtpjadthaw.exe | Static PE information: section name:
      Source: nogtpjadthaw.exe | Static PE information: section name:
      Source: nogtpjadthaw.exe | Static PE information: section name:
      Source: nogtpjadthaw.exe | Static PE information: section name:
      Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Code function: 0_2_0084A6B8 NtReadFile
      Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Code function: 0_2_0084A634 NtClose
      Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Code function: 0_2_0084A650 NtSetInformationFile
      Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Code function: 0_2_0084A7F0 NtProtectVirtualMemory
      Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Code function: 0_2_0084A710 NtCreateFile
      Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Code function: 0_2_0084A0B0 NtSetValueKey
      Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Code function: 0_2_0084A028 NtCreateKey
      Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Code function: 0_2_0084A070 NtEnumerateKey
      Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Code function: 0_2_0084A180 NtNotifyChangeKey
      Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Code function: 0_2_0084A1E0 NtQueryMultipleValueKey
      Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Code function: 0_2_0084A2C4 NtTerminateProcess
      Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Code function: 0_2_0084A2E0 NtWriteFile
      Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Code function: 0_2_0084A27C NtSetInformationKey
      Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Code function: 0_2_0084A3F4 NtDuplicateObject
      Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Code function: 0_2_0084A338 NtQueryObject
      Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Code function: 0_2_0084A36C NtQueryDirectoryFile
      Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Code function: 0_2_0084A48C NtLockFile
      Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Code function: 0_2_0084A4EC NtUnlockFile
      Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Code function: 0_2_0084A43C NtQueryVolumeInformationFile
      Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Code function: 0_2_0084A58C NtMapViewOfSection
      Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Code function: 0_2_0084A5EC NtCreateSection
      Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Code function: 0_2_0084A53C NtUnmapViewOfSection
      Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Code function: 0_2_0084A558 NtQuerySection
      Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Code function: 0_2_0084A684 NtQueryInformationFile
      Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Code function: 0_2_0084A778 NtOpenFile
      Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Code function: 0_2_00849BB0 NtQueryInformationProcess
      Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Code function: 0_2_00849BE4 NtCreateThread
      Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Code function: 0_2_00849B50 NtDeviceIoControlFile
      Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Code function: 0_2_00849CA0 NtCreateProcessEx
      Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Code function: 0_2_00849CF8 NtCreateUserProcess
      Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Code function: 0_2_00849C50 NtCreateProcess
      Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Code function: 0_2_00849D8C NtSetVolumeInformationFile
      Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Code function: 0_2_00849DE0 NtQuerySecurityObject
      Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Code function: 0_2_00849D60 NtOpenKeyEx
      Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Code function: 0_2_00849E14 NtNotifyChangeDirectoryFile
      Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Code function: 0_2_00849E6C NtFsControlFile
      Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Code function: 0_2_00849FB4 NtQueryKey
      Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Code function: 0_2_00849FE8 NtQueryValueKey
      Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Code function: 0_2_00849F04 NtAccessCheck
      Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Code function: 0_2_00849F54 NtOpenKey
      Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Code function: 0_2_00849F74 NtEnumerateValueKey
      Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Code function: 0_2_008A8CA4: CreateFileA,DeviceIoControl
      Source: C:\Users\user\Desktop\nogtpjadthaw.exeCode function: String function: 007FBD9C appears 119 times
Source: nogtpjadthaw.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: nogtpjadthaw.exe | Static PE information: Section (nameless): ZLIB complexity 0.9987076627994012
Source: nogtpjadthaw.exe | Static PE information: Section (nameless): ZLIB complexity 0.9912109375
Source: nogtpjadthaw.exe | Static PE information: Section (nameless): ZLIB complexity 0.9894301470588235
Source: nogtpjadthaw.exe | Static PE information: Section .data: ZLIB complexity 0.9964277811819172
Source: classification engine | Classification label: mal100.troj.evad.winEXE@1/0@10/4
Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: nogtpjadthaw.exe | Virustotal: Detection: 75%
Source: nogtpjadthaw.exe | ReversingLabs: Detection: 89%
Source: C:\Users\user\Desktop\nogtpjadthaw.exe | File read: C:\Users\user\Desktop\nogtpjadthaw.exe
Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Section loaded: version.dll
Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Section loaded: shfolder.dll
Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Section loaded: wldp.dll
Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Section loaded: profapi.dll
Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Section loaded: winhttp.dll
Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Section loaded: webio.dll
Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Section loaded: winnsi.dll
Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Section loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Section loaded: fwpuclnt.dll
Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Section loaded: schannel.dll
Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Section loaded: mskeyprotect.dll
Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Section loaded: ntasn1.dll
Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Section loaded: ncrypt.dll
Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Section loaded: ncryptsslp.dll
Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Section loaded: msasn1.dll
Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Section loaded: gpapi.dll
Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Section loaded: dpapi.dll
Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Section loaded: ondemandconnroutehelper.dll
Source: nogtpjadthaw.exe | Static file information: File size 1315840 > 1048576

Data Obfuscation

Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Unpacked PE file: 0.2.nogtpjadthaw.exe.790000.0.unpack Unknown_Section0:EW;Unknown_Section1:EW;Unknown_Section2:EW;Unknown_Section3:EW;Unknown_Section4:EW;.data:EW; vs Unknown_Section0:ER;Unknown_Section1:R;Unknown_Section2:W;Unknown_Section3:R;Unknown_Section4:EW;.data:EW;
Source: nogtpjadthaw.exe | Static PE information: section name: (nameless)
Source: nogtpjadthaw.exe | Static PE information: section name: (nameless)
Source: nogtpjadthaw.exe | Static PE information: section name: (nameless)
Source: nogtpjadthaw.exe | Static PE information: section name: (nameless)
Source: nogtpjadthaw.exe | Static PE information: section name: (nameless)
Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Code function: 0_2_008979C4 push 00897A51h; ret (at 0_2_00897A49)
Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Code function: 0_2_0083A0BC push 0083A0E8h; ret (at 0_2_0083A0E0)
Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Code function: 0_2_008A20FC push 008A2134h; ret (at 0_2_008A212C)
Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Code function: 0_2_0083A0F4 push 0083A120h; ret (at 0_2_0083A118)
Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Code function: 0_2_00806054 push 00806080h; ret (at 0_2_00806078)
Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Code function: 0_2_00872194 push 008721C0h; ret (at 0_2_008721B8)
Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Code function: 0_2_0083E194 push 0083E1CCh; ret (at 0_2_0083E1C4)
Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Code function: 0_2_0081C1DC push 0081C26Ch; ret (at 0_2_0081C264)
Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Code function: 0_2_0081C12C push 0081C1D7h; ret (at 0_2_0081C1CF)
Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Code function: 0_2_00880160 push 0088018Ch; ret (at 0_2_00880184)
Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Code function: 0_2_0085E290 push 0085E2C3h; ret (at 0_2_0085E2BB)
Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Code function: 0_2_0085E2F0 push 0085E31Ch; ret (at 0_2_0085E314)
Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Code function: 0_2_0085E394 push 0085E3DFh; ret (at 0_2_0085E3D7)
Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Code function: 0_2_008A6394 push 008A63C0h; ret (at 0_2_008A63B8)
Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Code function: 0_2_0080E3A0 push 0080E400h; ret (at 0_2_0080E3F8)
Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Code function: 0_2_0085E33C push 0085E388h; ret (at 0_2_0085E380)
Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Code function: 0_2_008A047C push 008A04C8h; ret (at 0_2_008A04C0)
Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Code function: 0_2_008205C4 push 008205F0h; ret (at 0_2_008205E8)
Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Code function: 0_2_0087E55C push 0087E5B6h; ret (at 0_2_0087E5AE)
Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Code function: 0_2_0080E578 push 0080E5A4h; ret (at 0_2_0080E59C)
Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Code function: 0_2_0085C578 push ecx; mov dword ptr [esp], ecx (at 0_2_0085C57D)
Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Code function: 0_2_0080E684 push ecx; mov dword ptr [esp], ecx (at 0_2_0080E687)
Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Code function: 0_2_0080C6A4 push 0080C74Ch; ret (at 0_2_0080C744)
Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Code function: 0_2_008866DC push 00886747h; ret (at 0_2_0088673F)
Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Code function: 0_2_0080C62C push 0080C6A2h; ret (at 0_2_0080C69A)
Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Code function: 0_2_0080E664 push ecx; mov dword ptr [esp], ecx (at 0_2_0080E667)
Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Code function: 0_2_0081C784 push 0081C7B0h; ret (at 0_2_0081C7A8)
Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Code function: 0_2_0081C7D4 push 0081C817h; ret (at 0_2_0081C80F)
Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Code function: 0_2_008A6730 push 008A675Ch; ret (at 0_2_008A6754)
Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Code function: 0_2_008A6768 push 008A6794h; ret (at 0_2_008A678C)
Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Code function: 0_2_008BA76C push 008BA7AFh; ret (at 0_2_008BA7A7)
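A caveat worth checking before weighting the "push, ret" obfuscation signature: in every row above the pushed immediate is exactly 8 bytes past the address of the ret (for example 00897A51h versus 0_2_00897A49). That is the byte layout of the 32-bit Delphi try/finally epilogue, where the ret is followed by jmp @HandleFinally (E9 rel32, 5 bytes) and jmp @@finally (EB rel8, 2 bytes) before the continuation label, and the "push ecx; mov dword ptr [esp], ecx" rows are the Delphi compiler's stack-slot reservation idiom. Together with the HKCU\Software\Borland\Delphi\Locales reads earlier in this report, this is consistent with compiler-generated Delphi code rather than deliberate control-flow obfuscation. The script below is an added example, not part of the sandbox report or of Joe Sandbox's own tooling; it parses rows in the format shown above (a few copied from this report as constructed input), computes the push-target minus ret-address delta, and classifies each row. The row format, the +8 rule and the category names are this example's own assumptions.

```python
import re
from typing import Dict, List, Optional

# Rows copied from the sandbox report above (constructed input for this example;
# the report lists more rows of the same shape). The trailing address is the
# location of the ret / mov instruction inside the function.
REPORT_ROWS = [
    "0_2_008979C4 push 00897A51h; ret 0_2_00897A49",
    "0_2_0083A0BC push 0083A0E8h; ret 0_2_0083A0E0",
    "0_2_0081C12C push 0081C1D7h; ret 0_2_0081C1CF",
    "0_2_0085E394 push 0085E3DFh; ret 0_2_0085E3D7",
    "0_2_0085C578 push ecx; mov dword ptr [esp], ecx 0_2_0085C57D",
    "0_2_008BA76C push 008BA7AFh; ret 0_2_008BA7A7",
]

# "<pid>_<run>_<func> push <imm32>h; ret <pid>_<run>_<ret_addr>"
PUSH_RET = re.compile(
    r"^\d+_\d+_([0-9A-Fa-f]{8}) push ([0-9A-Fa-f]{8})h; ret \d+_\d+_([0-9A-Fa-f]{8})$"
)
# "<pid>_<run>_<func> push ecx; mov dword ptr [esp], ecx <pid>_<run>_<addr>"
PUSH_ECX = re.compile(
    r"^\d+_\d+_([0-9A-Fa-f]{8}) push ecx; mov dword ptr \[esp\], ecx \d+_\d+_([0-9A-Fa-f]{8})$"
)

# Delphi 32-bit try/finally epilogue:
#   push offset @@exit ; @@finally: <cleanup> ; ret ; jmp @HandleFinally ; jmp @@finally ; @@exit:
# ret (1 byte) + jmp rel32 (5 bytes) + jmp rel8 (2 bytes) puts @@exit at ret + 8.
DELPHI_FINALLY_DELTA = 8


def classify_row(row: str) -> Optional[Dict]:
    """Parse one report row; None if it is not one of the two known shapes."""
    m = PUSH_RET.match(row.strip())
    if m:
        func, target, ret_at = (int(x, 16) for x in m.groups())
        delta = target - ret_at
        kind = "delphi-try-finally" if delta == DELPHI_FINALLY_DELTA else "push-ret-other"
        return {"function": func, "target": target, "ret_at": ret_at, "delta": delta, "kind": kind}
    m = PUSH_ECX.match(row.strip())
    if m:
        func, at = (int(x, 16) for x in m.groups())
        # push ecx; mov [esp], ecx reserves one local slot and initialises it: a
        # Delphi code-generation idiom, not a stack-pivot trick.
        return {"function": func, "target": None, "ret_at": at, "delta": None, "kind": "delphi-local-slot"}
    return None


def classify_rows(rows: List[str]) -> List[Dict]:
    return [r for r in (classify_row(row) for row in rows) if r is not None]


def summarize(rows: List[str]) -> Dict[str, int]:
    """Count rows per category so the signature can be weighted accordingly."""
    counts: Dict[str, int] = {}
    for r in classify_rows(rows):
        counts[r["kind"]] = counts.get(r["kind"], 0) + 1
    return counts


if __name__ == "__main__":
    for r in classify_rows(REPORT_ROWS):
        print(f"{r['function']:08X}  {r['kind']:20}  delta={r['delta']}")
    print(summarize(REPORT_ROWS))
```

A "push-ret-other" result (a pushed target that is not the compiler's fixed offset past the ret) is the case that actually deserves a look in a disassembler; a sample where every row lands on the Delphi offset should have this signature discounted, while the genuinely suspicious indicators on this page (nameless W+X sections, HideFromDebugger, the C2 list) stand on their own.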
Source: nogtpjadthaw.exe | Static PE information: section name: (nameless) entropy: 7.998324079794281
Source: nogtpjadthaw.exe | Static PE information: section name: (nameless) entropy: 7.916236118328118
Source: nogtpjadthaw.exe | Static PE information: section name: (nameless) entropy: 7.957363561867478
Source: nogtpjadthaw.exe | Static PE information: section name: (nameless) entropy: 7.957657869647251
Source: nogtpjadthaw.exe | Static PE information: section name: .data entropy: 7.976016703101532
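The static indicators in this section (nameless sections, ZLIB complexity near 1.0, per-section entropy near 8 bits, and sections that are both writable and executable in the unpacked image) can all be derived from the PE section table with a few dozen lines of code. The script below is an added example and not Joe Sandbox's implementation: it parses the section table of a PE32 file directly with struct, computes Shannon entropy and a zlib compression ratio per section, and lists packing indicators. "ZLIB complexity" is taken here to mean compressed size divided by raw size (an assumption; the report does not define it), and the entropy threshold of 7.5 bits is this example's choice. The PE image it analyses is constructed in memory so the example runs offline; it is not the sample from this report.

```python
import math
import random
import struct
import zlib
from typing import Dict, List, Tuple

IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000


def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte; 8.0 means every byte value is equally likely."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def zlib_complexity(data: bytes) -> float:
    """Compressed/raw size ratio (assumed meaning of the report's 'ZLIB complexity')."""
    if not data:
        return 0.0
    return len(zlib.compress(data, 9)) / len(data)


def parse_sections(pe: bytes) -> List[Dict]:
    """Walk the section table of a PE file and score each section."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    nsections = struct.unpack_from("<H", pe, coff + 2)[0]
    size_opt = struct.unpack_from("<H", pe, coff + 16)[0]
    table = coff + 20 + size_opt
    sections = []
    for i in range(nsections):
        off = table + 40 * i
        name_raw, _vsize, _vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", pe, off)
        chars = struct.unpack_from("<I", pe, off + 36)[0]
        data = pe[rawptr:rawptr + rawsize]
        name = name_raw.rstrip(b"\0").decode("ascii", "replace")
        sections.append({
            "name": name, "nameless": name == "", "raw_size": rawsize,
            "entropy": shannon_entropy(data), "zlib_complexity": zlib_complexity(data),
            "exec": bool(chars & IMAGE_SCN_MEM_EXECUTE),
            "write": bool(chars & IMAGE_SCN_MEM_WRITE),
            "read": bool(chars & IMAGE_SCN_MEM_READ),
        })
    return sections


def packing_indicators(sections: List[Dict], entropy_threshold: float = 7.5) -> List[str]:
    findings = []
    for s in sections:
        label = s["name"] or "<nameless>"
        if s["nameless"]:
            findings.append(f"{label}: nameless section")
        if s["entropy"] >= entropy_threshold:
            findings.append(f"{label}: high entropy {s['entropy']:.2f}")
        if s["exec"] and s["write"]:
            findings.append(f"{label}: writable and executable (in-place unpacking)")
    return findings


def build_test_pe(sections: List[Tuple[bytes, bytes, int]]) -> bytes:
    """Constructed minimal PE32 image for this example: (name, data, characteristics)."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                      # e_lfanew
    size_opt = 224                                             # PE32 optional header, zero-filled
    opt = bytearray(size_opt)
    struct.pack_into("<H", opt, 0, 0x10B)                      # IMAGE_NT_OPTIONAL_HDR32_MAGIC
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, size_opt, 0x0102)
    headers_len = 64 + 4 + 20 + size_opt + 40 * len(sections)
    raw_ptr = (headers_len + 0x1FF) & ~0x1FF                   # file alignment 0x200
    table, blobs = bytearray(), bytearray()
    for i, (name, data, chars) in enumerate(sections):
        table += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0")[:8], len(data),
                             0x1000 * (i + 1), len(data), raw_ptr + len(blobs), 0, 0, 0, 0, chars)
        blobs += data
    image = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + bytes(table)
    return image + b"\0" * (raw_ptr - len(image)) + bytes(blobs)


# Constructed sample: a nameless W+X section of seeded pseudo-random bytes standing
# in for a packed payload, a low-entropy code section, and an all-zero data section.
_rng = random.Random(1635475)
SAMPLE_PE = build_test_pe([
    (b"", bytes(_rng.getrandbits(8) for _ in range(4096)),
     IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_WRITE | IMAGE_SCN_MEM_READ),
    (b".text", bytes(range(0, 256, 4)) * 16, IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ),
    (b".data", b"\0" * 1024, IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
])

if __name__ == "__main__":
    for s in parse_sections(SAMPLE_PE):
        print(f"{s['name'] or '<nameless>':10} entropy={s['entropy']:.3f} "
              f"zlib={s['zlib_complexity']:.3f} X={s['exec']} W={s['write']}")
    print(packing_indicators(parse_sections(SAMPLE_PE)))
```

Point parse_sections at the bytes of a real file to reproduce the report's per-section figures; the on-disk characteristics are what the section table states, so the "EW vs ER" difference the report flags under "Detected unpacking" is only visible by comparing against the image after it has run, which a static pass cannot see.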
Source: C:\Users\user\Desktop\nogtpjadthaw.exe TID: 7260 | Thread sleep count: 259 > 30
Source: C:\Users\user\Desktop\nogtpjadthaw.exe TID: 7260 | Thread sleep count: 53 > 30
Source: C:\Users\user\Desktop\nogtpjadthaw.exe TID: 7280 | Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\Desktop\nogtpjadthaw.exe TID: 7296 | Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Code function: 0_2_00822490 FindFirstFileW
Source: nogtpjadthaw.exe, 00000000.00000002.1305208044.00000000007F1000.00000040.00000001.01000000.00000003.sdmp | Binary or memory string: VBoxService.exe
Source: nogtpjadthaw.exe, 00000000.00000002.1305208044.000000000093B000.00000040.00000001.01000000.00000003.sdmp | Binary or memory string: ~VirtualMachineTypes
Source: nogtpjadthaw.exe, 00000000.00000002.1305890319.000000000116E000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAWX(
Source: nogtpjadthaw.exe, 00000000.00000003.1305048575.00000000011DE000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000002.1306106393.00000000011DF000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000003.1304848712.00000000011DD000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW
Source: nogtpjadthaw.exe, 00000000.00000002.1305208044.000000000093B000.00000040.00000001.01000000.00000003.sdmp | Binary or memory string: ]DLL_Loader_VirtualMachine
Source: nogtpjadthaw.exe, 00000000.00000002.1305208044.00000000007F1000.00000040.00000001.01000000.00000003.sdmp | Binary or memory string: VMWare
Source: nogtpjadthaw.exe, 00000000.00000002.1305208044.000000000093B000.00000040.00000001.01000000.00000003.sdmp | Binary or memory string: DLL_Loader_Marker]DLL_Loader_VirtualMachineZDLL_Loader_Reloc_Unit
Source: nogtpjadthaw.exe, 00000000.00000002.1305208044.00000000007F1000.00000040.00000001.01000000.00000003.sdmp | Binary or memory string: &VBoxService.exe

Anti Debugging

Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Thread information set: HideFromDebugger
Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Thread information set: HideFromDebugger
Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Code function: 0_2_007DB8C0 LdrInitializeThunk
Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Code function: 0_2_02F17F4A mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Code function: 0_2_02F17C78 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Code function: 0_2_008A7268 cpuid
Source: C:\Users\user\Desktop\nogtpjadthaw.exe | Code function: 0_2_00848CC0 GetTimeZoneInformation
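The evasion findings in the two sections above are three independent heuristics: a per-thread count of sleep calls compared with a threshold (the report's "Thread sleep count: 259 > 30"), a match on NtSetInformationThread with the ThreadHideFromDebugger information class (0x11), and a scan of process memory for hypervisor artifact strings such as VBoxService.exe, VMWare and Hyper-V. The script below is an added example of how those three checks are computed from an API trace and a memory dump; it is not Joe Sandbox's code. The trace format ("tid|api|args") and the dump contents are constructed for the example, using the thread IDs and strings seen in this report, and the sleep threshold of 30 is taken from the report's own row.

```python
from collections import Counter
from typing import Dict, List

THREAD_HIDE_FROM_DEBUGGER = 0x11  # THREADINFOCLASS value passed to NtSetInformationThread
SLEEP_APIS = ("NtDelayExecution", "Sleep", "SleepEx")
VM_ARTIFACTS = [b"VBoxService.exe", b"VMWare", b"Hyper-V", b"VirtualMachine", b"vmtoolsd", b"qemu"]

# Constructed API trace in a simple "tid|api|key=value,..." form (not the sandbox's
# own log format). Thread 7260 loops on NtDelayExecution 259 times; threads 7280
# and 7296 hide themselves from the debugger, as the report above records.
TRACE = (
    ["7260|NtDelayExecution|Alertable=0,DelayInterval=-100000"] * 259
    + [
        "7280|NtSetInformationThread|ThreadHandle=0xFFFFFFFE,ThreadInformationClass=0x11,Length=0",
        "7296|NtSetInformationThread|ThreadHandle=0xFFFFFFFE,ThreadInformationClass=0x11,Length=0",
        r"7260|FindFirstFileW|FileName=C:\Users\user\*",
        "7260|GetTimeZoneInformation|",
    ]
)

# Constructed memory region carrying the artifact strings listed in the report.
MEMORY_DUMP = (b"\x00" * 32
               + b"&VBoxService.exe\x00~VirtualMachineTypes\x00Hyper-V RAW\x00VMWare\x00"
               + b"\x00" * 16)


def parse_trace(lines: List[str]) -> List[Dict]:
    events = []
    for line in lines:
        tid, api, args = line.split("|", 2)
        kv = dict(item.split("=", 1) for item in args.split(",") if item)
        events.append({"tid": int(tid), "api": api, "args": kv})
    return events


def sleep_counts(events: List[Dict]) -> Dict[int, int]:
    """Number of sleep-style calls per thread."""
    return dict(Counter(e["tid"] for e in events if e["api"] in SLEEP_APIS))


def hidden_threads(events: List[Dict]) -> List[int]:
    """Threads that called NtSetInformationThread(ThreadHideFromDebugger)."""
    tids = []
    for e in events:
        if e["api"] == "NtSetInformationThread":
            cls = int(e["args"].get("ThreadInformationClass", "0"), 16)
            if cls == THREAD_HIDE_FROM_DEBUGGER:
                tids.append(e["tid"])
    return tids


def vm_artifacts(blob: bytes) -> List[str]:
    """Hypervisor/VM artifact strings present in a memory region."""
    return [s.decode() for s in VM_ARTIFACTS if s in blob]


def evasion_findings(events: List[Dict], blob: bytes, sleep_threshold: int = 30) -> List[str]:
    findings = []
    for tid, n in sorted(sleep_counts(events).items()):
        if n > sleep_threshold:
            findings.append(f"tid {tid}: {n} sleep calls > {sleep_threshold} (evasive loop)")
    for tid in hidden_threads(events):
        findings.append(f"tid {tid}: NtSetInformationThread(ThreadHideFromDebugger)")
    for s in vm_artifacts(blob):
        findings.append(f"memory: VM artifact string {s!r}")
    return findings


if __name__ == "__main__":
    for line in evasion_findings(parse_trace(TRACE), MEMORY_DUMP):
        print(line)
```

The memory-string check is the weakest of the three: the strings may belong to the packer's own VM-detection routine or to a benign library, so on its own it only says the code can recognise a hypervisor, not that it did. HideFromDebugger is the strongest, since no ordinary application has a reason to set it, and the sleep-loop count matters most when the sandbox also reports that the network activity started only after the delays.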

Stealing of Sensitive Information

Source: Yara match | File source: 0.2.nogtpjadthaw.exe.790000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000000.00000002.1305208044.0000000000791000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY

Remote Access Functionality

Source: Yara match | File source: 0.2.nogtpjadthaw.exe.790000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000000.00000002.1305208044.0000000000791000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
MITRE ATT&CK Matrix (one line per tactic; entries prefixed with a number were matched by the report's signatures, the number being the badge shown in the matrix; unprefixed entries are the matrix's default placeholder rows and were not observed)

Reconnaissance: Gather Victim Identity Information | Credentials | Email Addresses | Employee Names | Gather Victim Network Information
Resource Development: Acquire Infrastructure | Domains | DNS Server | Virtual Private Server | Server
Initial Access: Valid Accounts | Default Accounts | Domain Accounts | Local Accounts | Cloud Accounts
Execution: Windows Management Instrumentation | Scheduled Task/Job | At | Cron | Launchd
Persistence: 1 DLL Side-Loading | Boot or Logon Initialization Scripts | Logon Script (Windows) | Login Hook | Network Logon Script
Privilege Escalation: 1 DLL Side-Loading | Boot or Logon Initialization Scripts | Logon Script (Windows) | Login Hook | Network Logon Script
Defense Evasion: 11 Virtualization/Sandbox Evasion | 1 Deobfuscate/Decode Files or Information | 4 Obfuscated Files or Information | 12 Software Packing | 1 DLL Side-Loading
Credential Access: OS Credential Dumping | LSASS Memory | Security Account Manager | NTDS | LSA Secrets
Discovery: 1 System Time Discovery | 11 Security Software Discovery | 11 Virtualization/Sandbox Evasion | 1 File and Directory Discovery | 11 System Information Discovery
Lateral Movement: Remote Services | Remote Desktop Protocol | SMB/Windows Admin Shares | Distributed Component Object Model | SSH
Collection: 1 Archive Collected Data | Data from Removable Media | Data from Network Shared Drive | Input Capture | Keylogging
Command and Control: 11 Encrypted Channel | 1 Ingress Tool Transfer | 2 Non-Application Layer Protocol | 113 Application Layer Protocol | Fallback Channels
Exfiltration: Exfiltration Over Other Network Medium | Exfiltration Over Bluetooth | Automated Exfiltration | Traffic Duplication | Scheduled Transfer
Impact: Abuse Accessibility Features | Network Denial of Service | Data Encrypted for Impact | Data Destruction | Data Encrypted for Impact
Behavior Graph (ID: 1635475, Sample: nogtpjadthaw.exe, Startdate: 11/03/2025, Architecture: WINDOWS, Score: 100)

Start node: contacted techvkortex.bet, techmindzs.live and 8 other IPs or domains; signatures: Suricata IDS alerts for network traffic, Found malware configuration, Antivirus detection for URL or domain, 7 other signatures; process started: nogtpjadthaw.exe
nogtpjadthaw.exe: moderzysics.top 172.67.189.66, destination port 443, source ports 49705, 49706, CLOUDFLARENETUS, United States; codxefusion.top 172.67.212.102, destination port 443, source ports 49708, 49709, CLOUDFLARENETUS, United States; 2 other IPs or domains; signatures: Detected unpacking (changes PE section rights), Hides threads from debuggers

Antivirus detection, initial sample (Source | Detection | Scanner | Label)
nogtpjadthaw.exe | 75% | Virustotal |
nogtpjadthaw.exe | 89% | ReversingLabs | Win32.Trojan.LummaStealer
nogtpjadthaw.exe | 100% | Avira | HEUR/AGEN.1314134
No Antivirus matches for dropped files, unpacked PE files or domains

Antivirus detection, URLs (Source | Detection | Scanner | Label)
https://community.fa | 0% | Avira URL Cloud | safe
https://phygcsforum.life:443/api | 100% | Avira URL Cloud | malware
https://moderzysics.top:443/api | 100% | Avira URL Cloud | malware
https://earthsymphzony.today:443/api | 100% | Avira URL Cloud | malware
https://techmindzs.live:443/api | 100% | Avira URL Cloud | malware
techvkortex.bet | 100% | Avira URL Cloud | malware
https://techspherxe.top:443/apiv0?a | 100% | Avira URL Cloud | malware
https://community.fastly.stea | 0% | Avira URL Cloud | safe
https://codxefusion.top:443/api | 100% | Avira URL Cloud | malware


Domains (Name | IP | Active | Malicious | Antivirus Detection | Reputation)
moderzysics.top | 172.67.189.66 | true | false | | high
techspherxe.top | 172.67.214.226 | true | false | | high
codxefusion.top | 172.67.212.102 | true | false | | high
steamcommunity.com | 23.197.127.21 | true | false | | high
explorebieology.run | unknown | unknown | false | | high
techvkortex.bet | unknown | unknown | true | | unknown
earthsymphzony.today | unknown | unknown | false | | high
phygcsforum.life | unknown | unknown | true | | unknown
techmindzs.live | unknown | unknown | true | | unknown
gadgethgfub.icu | unknown | unknown | false | | high
URLs contacted (Name | Malicious | Antivirus Detection | Reputation)
phygcsforum.life | false | | high
techspherxe.top | false | | high
https://steamcommunity.com/profiles/76561199822375128 | false | | high
gadgethgfub.icu | false | | high
moderzysics.top | false | | high
techvkortex.bet | true | Avira URL Cloud: malware | unknown
techmindzs.live | false | | high
codxefusion.top | false | | high
URLs found in memory (Name | Source | Malicious | Antivirus Detection | Reputation)
https://community.fastly.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png | nogtpjadthaw.exe, 00000000.00000003.1304809247.000000000123C000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://player.vimeo.com | nogtpjadthaw.exe, 00000000.00000002.1305990331.00000000011C1000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000002.1306188919.00000000011FE000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://community.fastly.steamstatic.com/public/css/promo/summer2017/stickers.css?v=Ncr6N09yZIap&amp | nogtpjadthaw.exe, 00000000.00000003.1304809247.0000000001236000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000003.1304809247.000000000123C000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://steamcommunity.com/?subsection=broadcasts | nogtpjadthaw.exe, 00000000.00000003.1304809247.000000000123C000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://store.steampowered.com/subscriber_agreement/ | nogtpjadthaw.exe, 00000000.00000003.1304809247.000000000123C000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://www.gstatic.cn/recaptcha/ | nogtpjadthaw.exe, 00000000.00000002.1305990331.00000000011C1000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000002.1306188919.00000000011FE000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://steamcommunity.com/profiles/76561199822375128/badges | nogtpjadthaw.exe, 00000000.00000003.1304809247.0000000001236000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000003.1304809247.000000000123C000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000003.1304848712.00000000011A4000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://steamcommunity.com/profiles/76561199822375128/inventory/ | nogtpjadthaw.exe, 00000000.00000003.1304809247.0000000001236000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000003.1304809247.000000000123C000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000003.1304848712.00000000011A4000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://www.valvesoftware.com/legal.htm | nogtpjadthaw.exe, 00000000.00000003.1304809247.000000000123C000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://www.youtube.com | nogtpjadthaw.exe, 00000000.00000002.1305990331.00000000011C1000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000002.1306188919.00000000011FE000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://steamcommunity.com/login/home/?goto=profiles%2F76561199822375128 | nogtpjadthaw.exe, 00000000.00000003.1304809247.000000000123C000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://www.google.com | nogtpjadthaw.exe, 00000000.00000002.1305990331.00000000011C1000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000002.1306188919.00000000011FE000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback | nogtpjadthaw.exe, 00000000.00000003.1304809247.000000000123C000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://community.fastly.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6 | nogtpjadthaw.exe, 00000000.00000003.1304809247.0000000001236000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000003.1304809247.000000000123C000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000003.1304848712.00000000011A4000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ | nogtpjadthaw.exe, 00000000.00000002.1305990331.00000000011C1000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000002.1306188919.00000000011FE000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://community.fastly.steamstatic.com/public/javascript/global.js?v=cMt-H-zOgNUp&l=english&am | nogtpjadthaw.exe, 00000000.00000003.1304809247.0000000001236000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000003.1304809247.000000000123C000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://community.fastly.steamstatic.com/public/shared/javascript/shared_global.js?v=PCCoCNLxwF4M&am | nogtpjadthaw.exe, 00000000.00000003.1304809247.0000000001236000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000003.1304809247.000000000123C000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://community.fastly.steamstatic.com/public/shared/css/motiva_sans.css?v=-yZgCk0Nu7kH&l=engl | nogtpjadthaw.exe, 00000000.00000003.1304809247.000000000123C000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://steamcommunity.com:443/profiles/76561199822375128W0 | nogtpjadthaw.exe, 00000000.00000002.1305990331.00000000011AC000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000003.1304848712.00000000011AC000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://community.fastly.steamstatic.com/public/css/skin_1/profilev2.css?v=fe66ET2uI50l&l=englis | nogtpjadthaw.exe, 00000000.00000003.1304809247.0000000001236000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000003.1304809247.000000000123C000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://community.fastly.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcDIgbC | nogtpjadthaw.exe, 00000000.00000003.1304809247.0000000001236000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000003.1304809247.000000000123C000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://s.ytimg.com; | nogtpjadthaw.exe, 00000000.00000002.1305990331.00000000011C1000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000002.1306188919.00000000011FE000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://community.fastly.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1 | nogtpjadthaw.exe, 00000000.00000003.1304809247.0000000001236000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000003.1304809247.000000000123C000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000003.1304848712.00000000011A4000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://community.fastly.steamstatic.com/public/shared/css/buttons.css?v=qhQgyjWi6LgJ&l=english& | nogtpjadthaw.exe, 00000000.00000003.1304809247.0000000001236000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000003.1304809247.000000000123C000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://community.fastly.steamstatic.com/ | nogtpjadthaw.exe, 00000000.00000002.1306188919.00000000011FE000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://steam.tv/ | nogtpjadthaw.exe, 00000000.00000002.1305990331.00000000011C1000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000002.1306188919.00000000011FE000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://community.fastly.steamstatic.com/public/javascript/promo/stickers.js?v=CcLRHsa04otQ&l=en | nogtpjadthaw.exe, 00000000.00000003.1304809247.000000000123C000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://store.steampowered.com/privacy_agreement/ | nogtpjadthaw.exe, 00000000.00000003.1304809247.0000000001236000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000002.1306231967.000000000124E000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000003.1304809247.000000000123C000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000003.1304848712.00000000011A4000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://store.steampowered.com/points/shop/ | nogtpjadthaw.exe, 00000000.00000003.1304809247.000000000123C000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://community.fastly.steamstatic.com/public/javascript/modalv2.js?v=zBXEuexVQ0FZ&l=english&a | nogtpjadthaw.exe, 00000000.00000003.1304809247.0000000001236000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000003.1304809247.000000000123C000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://sketchfab.com | nogtpjadthaw.exe, 00000000.00000002.1305990331.00000000011C1000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000002.1306188919.00000000011FE000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://lv.queniujq.cn | nogtpjadthaw.exe, 00000000.00000002.1305990331.00000000011C1000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000002.1306188919.00000000011FE000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://www.youtube.com/ | nogtpjadthaw.exe, 00000000.00000002.1305990331.00000000011C1000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000002.1306188919.00000000011FE000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://store.steampowered.com/privacy_agreement/ | nogtpjadthaw.exe, 00000000.00000003.1304809247.000000000123C000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://community.fastly.steamstatic.com/public/css/skin_1/modalContent.css?v=WXAusLHclDIt&l=eng | nogtpjadthaw.exe, 00000000.00000003.1304809247.0000000001236000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000003.1304809247.000000000123C000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://phygcsforum.life:443/api | nogtpjadthaw.exe, 00000000.00000002.1305990331.00000000011AC000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000003.1304848712.00000000011AC000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: malware | unknown
https://community.fa | nogtpjadthaw.exe, 00000000.00000003.1304809247.0000000001236000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://www.google.com/recaptcha/ | nogtpjadthaw.exe, 00000000.00000002.1306188919.00000000011FE000.00000004.00000020.00020000.00000000.sdmp | false
                                                                                                                high
                                                                                                                https://checkout.steampowered.com/nogtpjadthaw.exe, 00000000.00000002.1306188919.00000000011FE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  http://www.enigmaprotector.com/nogtpjadthaw.exe, 00000000.00000002.1305208044.00000000007F1000.00000040.00000001.01000000.00000003.sdmp, nogtpjadthaw.exe, 00000000.00000002.1305208044.0000000000956000.00000040.00000001.01000000.00000003.sdmpfalse
                                                                                                                    high
                                                                                                                    https://moderzysics.top:443/apinogtpjadthaw.exe, 00000000.00000002.1305990331.00000000011AC000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000003.1304848712.00000000011AC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    • Avira URL Cloud: malware
                                                                                                                    unknown
                                                                                                                    https://store.steampowered.com/;nogtpjadthaw.exe, 00000000.00000003.1304848712.00000000011C1000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000003.1305015715.00000000011FE000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000002.1305990331.00000000011C1000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000002.1306188919.00000000011FE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      https://store.steampowered.com/about/nogtpjadthaw.exe, 00000000.00000003.1304809247.000000000123C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        https://steamcommunity.com/my/wishlist/nogtpjadthaw.exe, 00000000.00000003.1304809247.000000000123C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          https://community.fastly.steamstatic.com/public/shared/css/shared_responsive.css?v=JL1e4uQSrVGe&nogtpjadthaw.exe, 00000000.00000003.1304809247.0000000001236000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000003.1304809247.000000000123C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            https://steamloopback.hostnogtpjadthaw.exe, 00000000.00000002.1305990331.00000000011C1000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000002.1306188919.00000000011FE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              https://help.steampowered.com/en/nogtpjadthaw.exe, 00000000.00000003.1304809247.000000000123C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                https://steamcommunity.com/market/nogtpjadthaw.exe, 00000000.00000003.1304809247.000000000123C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  https://store.steampowered.com/news/nogtpjadthaw.exe, 00000000.00000003.1304809247.000000000123C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    http://www.enigmaprotector.com/openUnogtpjadthaw.exe, 00000000.00000002.1305208044.00000000007F1000.00000040.00000001.01000000.00000003.sdmpfalse
                                                                                                                                      high
                                                                                                                                      https://community.fastly.steamstatic.com/public/javascript/applications/community/main.js?v=1VeaVEsEnogtpjadthaw.exe, 00000000.00000003.1304809247.0000000001236000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000003.1304809247.000000000123C000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000003.1304848712.00000000011A4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        https://earthsymphzony.today:443/apinogtpjadthaw.exe, 00000000.00000002.1305990331.00000000011AC000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000003.1304848712.00000000011AC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                        • Avira URL Cloud: malware
                                                                                                                                        unknown
                                                                                                                                        http://store.steampowered.com/subscriber_agreement/nogtpjadthaw.exe, 00000000.00000003.1304809247.0000000001236000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000002.1306231967.000000000124E000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000003.1304809247.000000000123C000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000003.1304848712.00000000011A4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.orgnogtpjadthaw.exe, 00000000.00000003.1304809247.0000000001236000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000002.1306231967.000000000124E000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000003.1304809247.000000000123C000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000003.1304848712.00000000011A4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            https://recaptcha.net/recaptcha/;nogtpjadthaw.exe, 00000000.00000002.1305990331.00000000011C1000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000002.1306188919.00000000011FE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              https://community.fastly.steamstatic.com/public/shared/css/shared_global.css?v=Eq36AUaEgab8&l=ennogtpjadthaw.exe, 00000000.00000003.1304809247.0000000001236000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000003.1304809247.000000000123C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                https://community.fastly.steamstatic.com/public/javascript/applications/community/manifest.js?v=Bdohnogtpjadthaw.exe, 00000000.00000003.1304809247.0000000001236000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000003.1304809247.000000000123C000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000003.1304848712.00000000011A4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  https://steamcommunity.com/discussions/nogtpjadthaw.exe, 00000000.00000003.1304809247.000000000123C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    https://store.steampowered.com/stats/nogtpjadthaw.exe, 00000000.00000003.1304809247.000000000123C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      https://community.fastly.steamstatic.com/public/css/globalv2.css?v=GlKQ1cghJWE2&l=english&_cnogtpjadthaw.exe, 00000000.00000003.1304809247.0000000001236000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000003.1304809247.000000000123C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        https://medal.tvnogtpjadthaw.exe, 00000000.00000002.1305990331.00000000011C1000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000002.1306188919.00000000011FE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          https://broadcast.st.dl.eccdnx.comnogtpjadthaw.exe, 00000000.00000002.1305990331.00000000011C1000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000002.1306188919.00000000011FE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            https://community.fastly.steamstatic.com/public/shared/images/responsive/logo_valve_footer.pngnogtpjadthaw.exe, 00000000.00000003.1304809247.000000000123C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              https://community.fastly.steamstatic.com/public/css/skin_1/header.css?v=EM4kCu67DNda&l=english&anogtpjadthaw.exe, 00000000.00000003.1304809247.0000000001236000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000003.1304809247.000000000123C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                https://store.steampowered.com/steam_refunds/nogtpjadthaw.exe, 00000000.00000003.1304809247.000000000123C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  https://community.fastly.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016nogtpjadthaw.exe, 00000000.00000003.1304809247.000000000123C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    https://techmindzs.live:443/apinogtpjadthaw.exe, 00000000.00000002.1305990331.00000000011AC000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000003.1304848712.00000000011AC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                    • Avira URL Cloud: malware
                                                                                                                                                                    unknown
                                                                                                                                                                    https://community.fastly.steamstatic.com/public/css/applications/community/main.css?v=Gzg8NS4HKwGo&anogtpjadthaw.exe, 00000000.00000003.1304809247.0000000001236000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000003.1304809247.000000000123C000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000003.1304848712.00000000011A4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://community.fastly.steamstatic.com/public/javascript/webui/clientcom.js?v=LrC2xWhJTNZp&l=enogtpjadthaw.exe, 00000000.00000003.1304809247.000000000123C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        https://community.fastly.steamstatic.com/public/javascript/reportedcontent.js?v=-lZqrarogJr8&l=enogtpjadthaw.exe, 00000000.00000003.1304809247.000000000123C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          https://steamcommunity.com/workshop/nogtpjadthaw.exe, 00000000.00000003.1304809247.000000000123C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            https://login.steampowered.com/nogtpjadthaw.exe, 00000000.00000002.1306188919.00000000011FE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              https://store.steampowered.com/legal/nogtpjadthaw.exe, 00000000.00000003.1304809247.0000000001236000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000002.1306231967.000000000124E000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000003.1304809247.000000000123C000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000003.1304848712.00000000011A4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                high
                                                                                                                                                                                https://community.fastly.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&l=ennogtpjadthaw.exe, 00000000.00000003.1304809247.0000000001236000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000003.1304809247.000000000123C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  https://community.fastly.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&l=engnogtpjadthaw.exe, 00000000.00000003.1304809247.0000000001236000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000003.1304809247.000000000123C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    https://community.fastly.steanogtpjadthaw.exe, 00000000.00000003.1304809247.000000000123C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                    • Avira URL Cloud: safe
                                                                                                                                                                                    unknown
                                                                                                                                                                                    https://community.fastly.steamstatic.com/public/javascript/profile.js?v=GeQ6v03mWpAc&l=english&anogtpjadthaw.exe, 00000000.00000003.1304809247.0000000001236000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000003.1304809247.000000000123C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      https://community.fastly.steamstatic.com/public/javascript/modalContent.js?v=uqf5ttWTRe7l&l=englnogtpjadthaw.exe, 00000000.00000003.1304809247.0000000001236000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000003.1304809247.000000000123C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        https://recaptcha.netnogtpjadthaw.exe, 00000000.00000002.1305990331.00000000011C1000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000002.1306188919.00000000011FE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          https://store.steampowered.com/nogtpjadthaw.exe, 00000000.00000002.1306188919.00000000011FE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                            high
                                                                                                                                                                                            https://techspherxe.top:443/apiv0?anogtpjadthaw.exe, 00000000.00000002.1305990331.00000000011AC000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000003.1304848712.00000000011AC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                            • Avira URL Cloud: malware
                                                                                                                                                                                            unknown
                                                                                                                                                                                            https://community.fastly.steamstatic.com/public/shared/images/responsive/header_logo.pngnogtpjadthaw.exe, 00000000.00000003.1304809247.000000000123C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                              high
                                                                                                                                                                                              http://127.0.0.1:27060nogtpjadthaw.exe, 00000000.00000002.1305990331.00000000011C1000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000002.1306188919.00000000011FE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                high
                                                                                                                                                                                                https://avatars.fastly.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpgnogtpjadthaw.exe, 00000000.00000003.1304809247.000000000123C000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000003.1304848712.00000000011A4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  high
                                                                                                                                                                                                  https://community.fastly.steamstatic.com/public/images/skin_1/arrowDn9x5.gifnogtpjadthaw.exe, 00000000.00000003.1304809247.0000000001236000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000003.1304809247.000000000123C000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000003.1304848712.00000000011A4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    high
Name | Source | Malicious | Antivirus Detection | Reputation
https://codxefusion.top:443/api | nogtpjadthaw.exe, 00000000.00000002.1305990331.00000000011AC000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000003.1304848712.00000000011AC000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: malware | unknown
https://community.fastly.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=tvQ | nogtpjadthaw.exe, 00000000.00000003.1304809247.000000000123C000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://community.fastly.steamstatic.com/public/shared/javascript/auth_refresh.js?v=w6QbwI-5-j2S&amp | nogtpjadthaw.exe, 00000000.00000003.1304809247.0000000001236000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000003.1304809247.000000000123C000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://help.steampowered.com/ | nogtpjadthaw.exe, 00000000.00000002.1306188919.00000000011FE000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://api.steampowered.com/ | nogtpjadthaw.exe, 00000000.00000002.1306188919.00000000011FE000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://store.steampowered.com/account/cookiepreferences/ | nogtpjadthaw.exe, 00000000.00000003.1304809247.0000000001236000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000002.1306231967.000000000124E000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000003.1304809247.000000000123C000.00000004.00000020.00020000.00000000.sdmp, nogtpjadthaw.exe, 00000000.00000003.1304848712.00000000011A4000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://store.steampowered.com/mobile | nogtpjadthaw.exe, 00000000.00000003.1304809247.000000000123C000.00000004.00000020.00020000.00000000.sdmp | false | | high
IP | Domain | Country | ASN | ASN Name | Malicious
172.67.189.66 | moderzysics.top | United States | 13335 | CLOUDFLARENETUS | false
172.67.214.226 | techspherxe.top | United States | 13335 | CLOUDFLARENETUS | false
23.197.127.21 | steamcommunity.com | United States | 20940 | AKAMAI-ASN1EU | false
172.67.212.102 | codxefusion.top | United States | 13335 | CLOUDFLARENETUS | false
Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1635475
Start date and time: 2025-03-11 17:44:17 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 7m 3s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 12
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: nogtpjadthaw.exe
Detection: MAL
Classification: mal100.troj.evad.winEXE@1/0@10/4
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 55%
• Number of executed functions: 14
• Number of non-executed functions: 93
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, sppsvc.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 52.149.20.212, 23.199.214.10
• Excluded domains from analysis (whitelisted): fs.microsoft.com, 6.0.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.7.0.0.0.0.3.0.1.3.0.6.2.ip6.arpa, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Not all processes were analyzed; the report is missing behavior information
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description
12:45:07 | API Interceptor | 6x Sleep call for process: nogtpjadthaw.exe modified
No context
No context
No context
No context
No context
No created / dropped files found
File type: PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit): 7.986910818807632
TrID:
• Win32 Executable (generic) a (10002005/4) 99.96%
• Generic Win/DOS Executable (2004/3) 0.02%
• DOS Executable Generic (2002/1) 0.02%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name: nogtpjadthaw.exe
File size: 1'315'840 bytes
MD5: 2e070594f72d17abe15d822aca9f7d40
SHA1: 4d9ed6638bcf8749e2de2a42f379c81781e63e77
SHA256: f4aa315f8ff0c107dce56c88112e061f4e6260682eaf0ffc42a5bcf0d5fd6b8d
SHA512: 1f5251136f144d95da7578ae02f896c11dd7d59b2abb485ffe896a899044d2140e9609326ccfeafabf3f0c2d14adf562c72af03923bbe59a631865fdd9f5dc2e
SSDEEP: 24576:1jASJswj6381I/N9/hhgfzDoTxrp6TFwu2kBL3ryop:1cSw81I/oHgxrp6BwuH+o
TLSH: 4B5533E41BE9A23DC95F35B1C9A23FAD272F90D3C764F0EE8A8316C44A72476745E058
File Content Preview: MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...#..g.............................Q............@...........................<...........@................................. 0.....
Icon Hash: 90cececece8e8eb0
Entrypoint: 0x42519d
Entrypoint Section:
Digitally signed: false
Imagebase: 0x400000
Subsystem: windows gui
Image File Characteristics: EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics: DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp: 0x67C0CB23 [Thu Feb 27 20:29:23 2025 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 6
OS Version Minor: 0
File Version Major: 6
File Version Minor: 0
Subsystem Version Major: 6
Subsystem Version Minor: 0
Import Hash: 71cc5af9daad65e58c6f29c42cdf9201
Instruction
    push ebp
    mov ebp, esp
    add esp, FFFFFFF0h
    mov eax, 00401000h
    call 00007F6134C38356h
    call far 5DE5h : 8B10C483h
    jmp 00007F6134FDA33Ch
    loop 00007F6134C382DCh
    cmpsd
    out ABh, al
    mov dh, 93h
    adc al, 10h
    inc edx
    xor byte ptr [edi+2Eh], bh
    jns 00007F6134C38364h
    mov dh, 19h
    mov byte ptr [6B6E7140h], al
    inc esp
    pop edi
    call far F2BAh : 45693904h
    lds edi, fword ptr [F159CF67h]
    jne 00007F6134C383A7h
    out dx, al
    adc ch, byte ptr [ebp-76D2897Fh]
    add al, 68h
    xchg byte ptr [D579E1FCh], ah
    je 00007F6134C3832Eh
    pop es
    xor esp, dword ptr [ecx+062726A7h]
    dec esi
    and bl, byte ptr [ebp+54FA7181h]
    inc eax
    adc eax, 041C9FF9h
                                                                                                                                                                                                                fdiv qword ptr [edi]
                                                                                                                                                                                                                mov word ptr [edi-61h], fs
                                                                                                                                                                                                                js 00007F6134C38392h
                                                                                                                                                                                                                cmc
                                                                                                                                                                                                                fxch4 st(7)
                                                                                                                                                                                                                sub eax, 7D911F91h
                                                                                                                                                                                                                imul eax, esp, 5F948185h
                                                                                                                                                                                                                rcl byte ptr [esi-31h], cl
                                                                                                                                                                                                                int 7Bh
                                                                                                                                                                                                                and dh, bh
                                                                                                                                                                                                                dec edx
                                                                                                                                                                                                                push ds
                                                                                                                                                                                                                lahf
                                                                                                                                                                                                                xor eax, 36766607h
                                                                                                                                                                                                                cmp byte ptr [edx+3F66C23Bh], dh
                                                                                                                                                                                                                outsd
                                                                                                                                                                                                                pop esp
                                                                                                                                                                                                                cmp al, 28h
                                                                                                                                                                                                                mov ch, 83h
                                                                                                                                                                                                                push ds
                                                                                                                                                                                                                dec edx
                                                                                                                                                                                                                push 6C8CCA48h
                                                                                                                                                                                                                shr dword ptr [esi-4Dh], cl
                                                                                                                                                                                                                mov dword ptr [CFB6A10Dh], eax
                                                                                                                                                                                                                mov byte ptr [22122812h], al
                                                                                                                                                                                                                mov dh, 9Ch
                                                                                                                                                                                                                out dx, eax
                                                                                                                                                                                                                and ebx, dword ptr [esi+74D3FE07h]
                                                                                                                                                                                                                les esp, fword ptr [eax+02903E27h]
                                                                                                                                                                                                                cmc
                                                                                                                                                                                                                pop es
                                                                                                                                                                                                                mov bl, 91h
                                                                                                                                                                                                                cmp edi, dword ptr [eax]
                                                                                                                                                                                                                dec esp
                                                                                                                                                                                                                mov al, byte ptr [E43A4DBCh]
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x2e3020 | 0x214 | .data |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x2e3000 | 0xc | .data |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| | 0x1000 | 0x50000 | 0x29c00 | 5630f07b6fe0e3cb5dd6aff0050c7e75 | False | 0.9987076627994012 | data | 7.998324079794281 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| | 0x51000 | 0x3000 | 0x1000 | fce23146a4ae9fd9db3db73272c6e86f | False | 0.9912109375 | data | 7.916236118328118 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| | 0x54000 | 0xd000 | 0x3000 | 396d698fe97147a0bcc1d3a498294e5b | False | 0.9873860677083334 | data | 7.957363561867478 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| | 0x61000 | 0x4000 | 0x2200 | 3e474e0a4078346c5d070fdfdc99c68d | False | 0.9894301470588235 | data | 7.957657869647251 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| | 0x65000 | 0x27e000 | 0x2ba00 | 914bd2e21914d0ffb45580a1d8934650 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .data | 0x2e3000 | 0xe6000 | 0xe5800 | a3de2bdc5ab98ae2c58a7f99033fa779 | False | 0.9964277811819172 | MacBinary, char. code 0x2e, Mon Feb 6 07:28:16 2040 INVALID date, modified Mon Feb 6 07:28:16 2040, creator ' 0.', type ' 1.', 3682606 bytes "." , at 0x3831ae 15740974 bytes resource dBase III DBT, version number 0, next free block index 3027316, 1st item "\343x\275y1\265\306\372\231\001U\004\207\260,g\271\313B\271\0336\315\/\2206\206?\014O^\211\257\031\242\244YR1J]" | 7.976016703101532 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| DLL | Import |
|---|---|
| kernel32.dll | GetModuleHandleA, GetProcAddress, ExitProcess, LoadLibraryA |
| user32.dll | MessageBoxA |
| advapi32.dll | RegCloseKey |
| oleaut32.dll | SysFreeString |
| gdi32.dll | CreateFontA |
| shell32.dll | ShellExecuteA |
| version.dll | GetFileVersionInfoA |
| ole32.dll | CoCreateInstance |


| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2025-03-11T17:45:09.100686+0100 | 2060536 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (explorebieology .run) | 1 | 192.168.2.11 | 60211 | 1.1.1.1 | 53 | UDP |
| 2025-03-11T17:45:09.111047+0100 | 2060538 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (gadgethgfub .icu) | 1 | 192.168.2.11 | 52188 | 1.1.1.1 | 53 | UDP |
| 2025-03-11T17:45:09.123970+0100 | 2060551 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (moderzysics .top) | 1 | 192.168.2.11 | 64439 | 1.1.1.1 | 53 | UDP |
| 2025-03-11T17:45:12.974708+0100 | 2060553 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (moderzysics .top in TLS SNI) | 1 | 192.168.2.11 | 49705 | 172.67.189.66 | 443 | TCP |
| 2025-03-11T17:45:12.974708+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.11 | 49705 | 172.67.189.66 | 443 | TCP |
| 2025-03-11T17:45:16.200011+0100 | 2060553 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (moderzysics .top in TLS SNI) | 1 | 192.168.2.11 | 49706 | 172.67.189.66 | 443 | TCP |
| 2025-03-11T17:45:16.204521+0100 | 2060565 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (techmindzs .live) | 1 | 192.168.2.11 | 51654 | 1.1.1.1 | 53 | UDP |
| 2025-03-11T17:45:16.217185+0100 | 2060530 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (codxefusion .top) | 1 | 192.168.2.11 | 51181 | 1.1.1.1 | 53 | UDP |
| 2025-03-11T17:45:20.249893+0100 | 2060531 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (codxefusion .top in TLS SNI) | 1 | 192.168.2.11 | 49708 | 172.67.212.102 | 443 | TCP |
| 2025-03-11T17:45:20.249893+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.11 | 49708 | 172.67.212.102 | 443 | TCP |
| 2025-03-11T17:45:23.424801+0100 | 2060531 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (codxefusion .top in TLS SNI) | 1 | 192.168.2.11 | 49709 | 172.67.212.102 | 443 | TCP |
| 2025-03-11T17:45:23.579968+0100 | 2060554 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (phygcsforum .life) | 1 | 192.168.2.11 | 49398 | 1.1.1.1 | 53 | UDP |
| 2025-03-11T17:45:23.620425+0100 | 2060568 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (techspherxe .top) | 1 | 192.168.2.11 | 61075 | 1.1.1.1 | 53 | UDP |
| 2025-03-11T17:45:27.325064+0100 | 2060570 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (techspherxe .top in TLS SNI) | 1 | 192.168.2.11 | 49713 | 172.67.214.226 | 443 | TCP |
| 2025-03-11T17:45:27.325064+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.11 | 49713 | 172.67.214.226 | 443 | TCP |
| 2025-03-11T17:45:30.519445+0100 | 2060570 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (techspherxe .top in TLS SNI) | 1 | 192.168.2.11 | 49716 | 172.67.214.226 | 443 | TCP |
| 2025-03-11T17:45:30.525377+0100 | 2060412 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (earthsymphzony .today) | 1 | 192.168.2.11 | 55320 | 1.1.1.1 | 53 | UDP |
| 2025-03-11T17:45:32.444264+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.11 | 49720 | 23.197.127.21 | 443 | TCP |
• Total Packets: 75
• 443 (HTTPS)
• 53 (DNS)
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Mar 11, 2025 17:45:09.281368971 CET | 49705 | 443 | 192.168.2.11 | 172.67.189.66 |
| Mar 11, 2025 17:45:09.281407118 CET | 443 | 49705 | 172.67.189.66 | 192.168.2.11 |
| Mar 11, 2025 17:45:09.281478882 CET | 49705 | 443 | 192.168.2.11 | 172.67.189.66 |
| Mar 11, 2025 17:45:09.284681082 CET | 49705 | 443 | 192.168.2.11 | 172.67.189.66 |
| Mar 11, 2025 17:45:09.284703016 CET | 443 | 49705 | 172.67.189.66 | 192.168.2.11 |
| Mar 11, 2025 17:45:12.973304987 CET | 443 | 49705 | 172.67.189.66 | 192.168.2.11 |
| Mar 11, 2025 17:45:12.974708080 CET | 49705 | 443 | 192.168.2.11 | 172.67.189.66 |
| Mar 11, 2025 17:45:12.974801064 CET | 443 | 49705 | 172.67.189.66 | 192.168.2.11 |
| Mar 11, 2025 17:45:12.974855900 CET | 49705 | 443 | 192.168.2.11 | 172.67.189.66 |
| Mar 11, 2025 17:45:12.975375891 CET | 49706 | 443 | 192.168.2.11 | 172.67.189.66 |
| Mar 11, 2025 17:45:12.975402117 CET | 443 | 49706 | 172.67.189.66 | 192.168.2.11 |
| Mar 11, 2025 17:45:12.975470066 CET | 49706 | 443 | 192.168.2.11 | 172.67.189.66 |
| Mar 11, 2025 17:45:12.975898981 CET | 49706 | 443 | 192.168.2.11 | 172.67.189.66 |
| Mar 11, 2025 17:45:12.975908041 CET | 443 | 49706 | 172.67.189.66 | 192.168.2.11 |
| Mar 11, 2025 17:45:16.199599028 CET | 443 | 49706 | 172.67.189.66 | 192.168.2.11 |
| Mar 11, 2025 17:45:16.200011015 CET | 49706 | 443 | 192.168.2.11 | 172.67.189.66 |
| Mar 11, 2025 17:45:16.200226068 CET | 443 | 49706 | 172.67.189.66 | 192.168.2.11 |
| Mar 11, 2025 17:45:16.200279951 CET | 49706 | 443 | 192.168.2.11 | 172.67.189.66 |
| Mar 11, 2025 17:45:16.200331926 CET | 49707 | 443 | 192.168.2.11 | 172.67.189.66 |
| Mar 11, 2025 17:45:16.200373888 CET | 443 | 49707 | 172.67.189.66 | 192.168.2.11 |
| Mar 11, 2025 17:45:16.200433016 CET | 49707 | 443 | 192.168.2.11 | 172.67.189.66 |
| Mar 11, 2025 17:45:16.201052904 CET | 49707 | 443 | 192.168.2.11 | 172.67.189.66 |
| Mar 11, 2025 17:45:16.201105118 CET | 443 | 49707 | 172.67.189.66 | 192.168.2.11 |
| Mar 11, 2025 17:45:16.201158047 CET | 49707 | 443 | 192.168.2.11 | 172.67.189.66 |
| Mar 11, 2025 17:45:16.714281082 CET | 49708 | 443 | 192.168.2.11 | 172.67.212.102 |
| Mar 11, 2025 17:45:16.714318991 CET | 443 | 49708 | 172.67.212.102 | 192.168.2.11 |
                                                                                                                                                                                                                Mar 11, 2025 17:45:16.714405060 CET49708443192.168.2.11172.67.212.102
                                                                                                                                                                                                                Mar 11, 2025 17:45:16.714808941 CET49708443192.168.2.11172.67.212.102
                                                                                                                                                                                                                Mar 11, 2025 17:45:16.714826107 CET44349708172.67.212.102192.168.2.11
                                                                                                                                                                                                                Mar 11, 2025 17:45:20.249363899 CET44349708172.67.212.102192.168.2.11
                                                                                                                                                                                                                Mar 11, 2025 17:45:20.249892950 CET49708443192.168.2.11172.67.212.102
                                                                                                                                                                                                                Mar 11, 2025 17:45:20.250049114 CET44349708172.67.212.102192.168.2.11
                                                                                                                                                                                                                Mar 11, 2025 17:45:20.250122070 CET49708443192.168.2.11172.67.212.102
                                                                                                                                                                                                                Mar 11, 2025 17:45:20.250406027 CET49709443192.168.2.11172.67.212.102
                                                                                                                                                                                                                Mar 11, 2025 17:45:20.250452042 CET44349709172.67.212.102192.168.2.11
                                                                                                                                                                                                                Mar 11, 2025 17:45:20.250525951 CET49709443192.168.2.11172.67.212.102
                                                                                                                                                                                                                Mar 11, 2025 17:45:20.251104116 CET49709443192.168.2.11172.67.212.102
                                                                                                                                                                                                                Mar 11, 2025 17:45:20.251120090 CET44349709172.67.212.102192.168.2.11
                                                                                                                                                                                                                Mar 11, 2025 17:45:23.421183109 CET44349709172.67.212.102192.168.2.11
                                                                                                                                                                                                                Mar 11, 2025 17:45:23.424748898 CET44349709172.67.212.102192.168.2.11
                                                                                                                                                                                                                Mar 11, 2025 17:45:23.424801111 CET49709443192.168.2.11172.67.212.102
                                                                                                                                                                                                                Mar 11, 2025 17:45:23.454194069 CET49709443192.168.2.11172.67.212.102
                                                                                                                                                                                                                Mar 11, 2025 17:45:23.454212904 CET44349709172.67.212.102192.168.2.11
                                                                                                                                                                                                                Mar 11, 2025 17:45:23.454535961 CET49710443192.168.2.11172.67.212.102
                                                                                                                                                                                                                Mar 11, 2025 17:45:23.454565048 CET44349710172.67.212.102192.168.2.11
                                                                                                                                                                                                                Mar 11, 2025 17:45:23.454638958 CET49710443192.168.2.11172.67.212.102
                                                                                                                                                                                                                Mar 11, 2025 17:45:23.569674015 CET49710443192.168.2.11172.67.212.102
                                                                                                                                                                                                                Mar 11, 2025 17:45:23.569729090 CET44349710172.67.212.102192.168.2.11
                                                                                                                                                                                                                Mar 11, 2025 17:45:23.569773912 CET49710443192.168.2.11172.67.212.102
                                                                                                                                                                                                                Mar 11, 2025 17:45:23.988569021 CET49713443192.168.2.11172.67.214.226
                                                                                                                                                                                                                Mar 11, 2025 17:45:23.988616943 CET44349713172.67.214.226192.168.2.11
                                                                                                                                                                                                                Mar 11, 2025 17:45:23.988723040 CET49713443192.168.2.11172.67.214.226
                                                                                                                                                                                                                Mar 11, 2025 17:45:23.989022970 CET49713443192.168.2.11172.67.214.226
                                                                                                                                                                                                                Mar 11, 2025 17:45:23.989041090 CET44349713172.67.214.226192.168.2.11
                                                                                                                                                                                                                Mar 11, 2025 17:45:27.324580908 CET44349713172.67.214.226192.168.2.11
                                                                                                                                                                                                                Mar 11, 2025 17:45:27.325063944 CET49713443192.168.2.11172.67.214.226
                                                                                                                                                                                                                Mar 11, 2025 17:45:27.325293064 CET44349713172.67.214.226192.168.2.11
                                                                                                                                                                                                                Mar 11, 2025 17:45:27.325351000 CET49713443192.168.2.11172.67.214.226
                                                                                                                                                                                                                Mar 11, 2025 17:45:27.325529099 CET49716443192.168.2.11172.67.214.226
                                                                                                                                                                                                                Mar 11, 2025 17:45:27.325565100 CET44349716172.67.214.226192.168.2.11
                                                                                                                                                                                                                Mar 11, 2025 17:45:27.325640917 CET49716443192.168.2.11172.67.214.226
                                                                                                                                                                                                                Mar 11, 2025 17:45:27.326008081 CET49716443192.168.2.11172.67.214.226
                                                                                                                                                                                                                Mar 11, 2025 17:45:27.326023102 CET44349716172.67.214.226192.168.2.11
                                                                                                                                                                                                                Mar 11, 2025 17:45:30.518995047 CET44349716172.67.214.226192.168.2.11
                                                                                                                                                                                                                Mar 11, 2025 17:45:30.519444942 CET49716443192.168.2.11172.67.214.226
                                                                                                                                                                                                                Mar 11, 2025 17:45:30.519541979 CET44349716172.67.214.226192.168.2.11
                                                                                                                                                                                                                Mar 11, 2025 17:45:30.519592047 CET49716443192.168.2.11172.67.214.226
                                                                                                                                                                                                                Mar 11, 2025 17:45:30.520390034 CET49719443192.168.2.11172.67.214.226
                                                                                                                                                                                                                Mar 11, 2025 17:45:30.520427942 CET44349719172.67.214.226192.168.2.11
                                                                                                                                                                                                                Mar 11, 2025 17:45:30.520494938 CET49719443192.168.2.11172.67.214.226
                                                                                                                                                                                                                Mar 11, 2025 17:45:30.521153927 CET49719443192.168.2.11172.67.214.226
                                                                                                                                                                                                                Mar 11, 2025 17:45:30.521182060 CET44349719172.67.214.226192.168.2.11
                                                                                                                                                                                                                Mar 11, 2025 17:45:30.521235943 CET49719443192.168.2.11172.67.214.226
                                                                                                                                                                                                                Mar 11, 2025 17:45:30.545737982 CET49720443192.168.2.1123.197.127.21
                                                                                                                                                                                                                Mar 11, 2025 17:45:30.545769930 CET4434972023.197.127.21192.168.2.11
                                                                                                                                                                                                                Mar 11, 2025 17:45:30.545829058 CET49720443192.168.2.1123.197.127.21
                                                                                                                                                                                                                Mar 11, 2025 17:45:30.546338081 CET49720443192.168.2.1123.197.127.21
                                                                                                                                                                                                                Mar 11, 2025 17:45:30.546350002 CET4434972023.197.127.21192.168.2.11
                                                                                                                                                                                                                Mar 11, 2025 17:45:32.444184065 CET4434972023.197.127.21192.168.2.11
                                                                                                                                                                                                                Mar 11, 2025 17:45:32.444263935 CET49720443192.168.2.1123.197.127.21
                                                                                                                                                                                                                Mar 11, 2025 17:45:32.493063927 CET49720443192.168.2.1123.197.127.21
                                                                                                                                                                                                                Mar 11, 2025 17:45:32.493084908 CET4434972023.197.127.21192.168.2.11
                                                                                                                                                                                                                Mar 11, 2025 17:45:32.493341923 CET4434972023.197.127.21192.168.2.11
                                                                                                                                                                                                                Mar 11, 2025 17:45:32.535600901 CET49720443192.168.2.1123.197.127.21
                                                                                                                                                                                                                Mar 11, 2025 17:45:33.023052931 CET49720443192.168.2.1123.197.127.21
                                                                                                                                                                                                                Mar 11, 2025 17:45:33.064330101 CET4434972023.197.127.21192.168.2.11
                                                                                                                                                                                                                Mar 11, 2025 17:45:33.758425951 CET4434972023.197.127.21192.168.2.11
                                                                                                                                                                                                                Mar 11, 2025 17:45:33.758450985 CET4434972023.197.127.21192.168.2.11
                                                                                                                                                                                                                Mar 11, 2025 17:45:33.758477926 CET49720443192.168.2.1123.197.127.21
                                                                                                                                                                                                                Mar 11, 2025 17:45:33.758502007 CET4434972023.197.127.21192.168.2.11
                                                                                                                                                                                                                Mar 11, 2025 17:45:33.758514881 CET4434972023.197.127.21192.168.2.11
                                                                                                                                                                                                                Mar 11, 2025 17:45:33.758526087 CET49720443192.168.2.1123.197.127.21
                                                                                                                                                                                                                Mar 11, 2025 17:45:33.758531094 CET4434972023.197.127.21192.168.2.11
                                                                                                                                                                                                                Mar 11, 2025 17:45:33.758543015 CET49720443192.168.2.1123.197.127.21
                                                                                                                                                                                                                Mar 11, 2025 17:45:33.758563042 CET49720443192.168.2.1123.197.127.21
                                                                                                                                                                                                                Mar 11, 2025 17:45:33.758580923 CET49720443192.168.2.1123.197.127.21
                                                                                                                                                                                                                Mar 11, 2025 17:45:33.855521917 CET4434972023.197.127.21192.168.2.11
                                                                                                                                                                                                                Mar 11, 2025 17:45:33.855556965 CET4434972023.197.127.21192.168.2.11
                                                                                                                                                                                                                Mar 11, 2025 17:45:33.855597019 CET49720443192.168.2.1123.197.127.21
                                                                                                                                                                                                                Mar 11, 2025 17:45:33.855602980 CET4434972023.197.127.21192.168.2.11
                                                                                                                                                                                                                Mar 11, 2025 17:45:33.855644941 CET49720443192.168.2.1123.197.127.21
                                                                                                                                                                                                                Mar 11, 2025 17:45:33.897552967 CET4434972023.197.127.21192.168.2.11
                                                                                                                                                                                                                Mar 11, 2025 17:45:33.897594929 CET4434972023.197.127.21192.168.2.11
                                                                                                                                                                                                                Mar 11, 2025 17:45:33.897655010 CET4434972023.197.127.21192.168.2.11
                                                                                                                                                                                                                Mar 11, 2025 17:45:33.897685051 CET49720443192.168.2.1123.197.127.21
                                                                                                                                                                                                                Mar 11, 2025 17:45:33.897711992 CET49720443192.168.2.1123.197.127.21
                                                                                                                                                                                                                Mar 11, 2025 17:45:33.897711992 CET49720443192.168.2.1123.197.127.21
                                                                                                                                                                                                                Mar 11, 2025 17:45:33.898586035 CET49720443192.168.2.1123.197.127.21
                                                                                                                                                                                                                Mar 11, 2025 17:45:33.898586035 CET49720443192.168.2.1123.197.127.21
                                                                                                                                                                                                                Mar 11, 2025 17:45:33.898603916 CET4434972023.197.127.21192.168.2.11
                                                                                                                                                                                                                Mar 11, 2025 17:45:33.898611069 CET4434972023.197.127.21192.168.2.11
                                                                                                                                                                                                                Mar 11, 2025 17:45:56.012109995 CET5366853192.168.2.11162.159.36.2
                                                                                                                                                                                                                Mar 11, 2025 17:45:56.016891956 CET5353668162.159.36.2192.168.2.11
                                                                                                                                                                                                                Mar 11, 2025 17:45:56.017014980 CET5366853192.168.2.11162.159.36.2
                                                                                                                                                                                                                Mar 11, 2025 17:45:56.021795034 CET5353668162.159.36.2192.168.2.11
                                                                                                                                                                                                                Mar 11, 2025 17:45:56.470649958 CET5366853192.168.2.11162.159.36.2
                                                                                                                                                                                                                Mar 11, 2025 17:45:56.475578070 CET5353668162.159.36.2192.168.2.11
                                                                                                                                                                                                                Mar 11, 2025 17:45:56.475636959 CET5366853192.168.2.11162.159.36.2

Timestamp                            Source Port  Dest Port  Source IP        Dest IP
Mar 11, 2025 17:45:09.085969925 CET  51222        53         192.168.2.11     1.1.1.1
Mar 11, 2025 17:45:09.096380949 CET  53           51222      1.1.1.1          192.168.2.11
Mar 11, 2025 17:45:09.100686073 CET  60211        53         192.168.2.11     1.1.1.1
Mar 11, 2025 17:45:09.109569073 CET  53           60211      1.1.1.1          192.168.2.11
Mar 11, 2025 17:45:09.111047029 CET  52188        53         192.168.2.11     1.1.1.1
Mar 11, 2025 17:45:09.120295048 CET  53           52188      1.1.1.1          192.168.2.11
Mar 11, 2025 17:45:09.123970032 CET  64439        53         192.168.2.11     1.1.1.1
Mar 11, 2025 17:45:09.274276018 CET  53           64439      1.1.1.1          192.168.2.11
Mar 11, 2025 17:45:16.204520941 CET  51654        53         192.168.2.11     1.1.1.1
Mar 11, 2025 17:45:16.214541912 CET  53           51654      1.1.1.1          192.168.2.11
Mar 11, 2025 17:45:16.217185020 CET  51181        53         192.168.2.11     1.1.1.1
Mar 11, 2025 17:45:16.713233948 CET  53           51181      1.1.1.1          192.168.2.11
Mar 11, 2025 17:45:23.579967976 CET  49398        53         192.168.2.11     1.1.1.1
Mar 11, 2025 17:45:23.588974953 CET  53           49398      1.1.1.1          192.168.2.11
Mar 11, 2025 17:45:23.620424986 CET  61075        53         192.168.2.11     1.1.1.1
Mar 11, 2025 17:45:23.987797022 CET  53           61075      1.1.1.1          192.168.2.11
Mar 11, 2025 17:45:30.525377035 CET  55320        53         192.168.2.11     1.1.1.1
Mar 11, 2025 17:45:30.534751892 CET  53           55320      1.1.1.1          192.168.2.11
Mar 11, 2025 17:45:30.536889076 CET  52836        53         192.168.2.11     1.1.1.1
Mar 11, 2025 17:45:30.544462919 CET  53           52836      1.1.1.1          192.168.2.11
Mar 11, 2025 17:45:56.011456013 CET  53           57126      162.159.36.2     192.168.2.11
Mar 11, 2025 17:45:56.501111031 CET  53           50163      1.1.1.1          192.168.2.11
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Mar 11, 2025 17:45:09.085969925 CET | 192.168.2.11 | 1.1.1.1 | 0x3e70 | Standard query (0) | techvkortex.bet | A (IP address) | IN (0x0001) | false
Mar 11, 2025 17:45:09.100686073 CET | 192.168.2.11 | 1.1.1.1 | 0xa174 | Standard query (0) | explorebieology.run | A (IP address) | IN (0x0001) | false
Mar 11, 2025 17:45:09.111047029 CET | 192.168.2.11 | 1.1.1.1 | 0xf696 | Standard query (0) | gadgethgfub.icu | A (IP address) | IN (0x0001) | false
Mar 11, 2025 17:45:09.123970032 CET | 192.168.2.11 | 1.1.1.1 | 0xc1c3 | Standard query (0) | moderzysics.top | A (IP address) | IN (0x0001) | false
Mar 11, 2025 17:45:16.204520941 CET | 192.168.2.11 | 1.1.1.1 | 0xe310 | Standard query (0) | techmindzs.live | A (IP address) | IN (0x0001) | false
Mar 11, 2025 17:45:16.217185020 CET | 192.168.2.11 | 1.1.1.1 | 0xbf8a | Standard query (0) | codxefusion.top | A (IP address) | IN (0x0001) | false
Mar 11, 2025 17:45:23.579967976 CET | 192.168.2.11 | 1.1.1.1 | 0xd3ba | Standard query (0) | phygcsforum.life | A (IP address) | IN (0x0001) | false
Mar 11, 2025 17:45:23.620424986 CET | 192.168.2.11 | 1.1.1.1 | 0xed61 | Standard query (0) | techspherxe.top | A (IP address) | IN (0x0001) | false
Mar 11, 2025 17:45:30.525377035 CET | 192.168.2.11 | 1.1.1.1 | 0xbe06 | Standard query (0) | earthsymphzony.today | A (IP address) | IN (0x0001) | false
Mar 11, 2025 17:45:30.536889076 CET | 192.168.2.11 | 1.1.1.1 | 0x4db4 | Standard query (0) | steamcommunity.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Mar 11, 2025 17:45:09.096380949 CET | 1.1.1.1 | 192.168.2.11 | 0x3e70 | Name error (3) | techvkortex.bet | none | none | A (IP address) | IN (0x0001) | false
Mar 11, 2025 17:45:09.109569073 CET | 1.1.1.1 | 192.168.2.11 | 0xa174 | Name error (3) | explorebieology.run | none | none | A (IP address) | IN (0x0001) | false
Mar 11, 2025 17:45:09.120295048 CET | 1.1.1.1 | 192.168.2.11 | 0xf696 | Name error (3) | gadgethgfub.icu | none | none | A (IP address) | IN (0x0001) | false
Mar 11, 2025 17:45:09.274276018 CET | 1.1.1.1 | 192.168.2.11 | 0xc1c3 | No error (0) | moderzysics.top | | 172.67.189.66 | A (IP address) | IN (0x0001) | false
Mar 11, 2025 17:45:09.274276018 CET | 1.1.1.1 | 192.168.2.11 | 0xc1c3 | No error (0) | moderzysics.top | | 104.21.9.123 | A (IP address) | IN (0x0001) | false
Mar 11, 2025 17:45:16.214541912 CET | 1.1.1.1 | 192.168.2.11 | 0xe310 | Name error (3) | techmindzs.live | none | none | A (IP address) | IN (0x0001) | false
Mar 11, 2025 17:45:16.713233948 CET | 1.1.1.1 | 192.168.2.11 | 0xbf8a | No error (0) | codxefusion.top | | 172.67.212.102 | A (IP address) | IN (0x0001) | false
Mar 11, 2025 17:45:16.713233948 CET | 1.1.1.1 | 192.168.2.11 | 0xbf8a | No error (0) | codxefusion.top | | 104.21.69.194 | A (IP address) | IN (0x0001) | false
Mar 11, 2025 17:45:23.588974953 CET | 1.1.1.1 | 192.168.2.11 | 0xd3ba | Name error (3) | phygcsforum.life | none | none | A (IP address) | IN (0x0001) | false
Mar 11, 2025 17:45:23.987797022 CET | 1.1.1.1 | 192.168.2.11 | 0xed61 | No error (0) | techspherxe.top | | 172.67.214.226 | A (IP address) | IN (0x0001) | false
Mar 11, 2025 17:45:23.987797022 CET | 1.1.1.1 | 192.168.2.11 | 0xed61 | No error (0) | techspherxe.top | | 104.21.16.172 | A (IP address) | IN (0x0001) | false
Mar 11, 2025 17:45:30.534751892 CET | 1.1.1.1 | 192.168.2.11 | 0xbe06 | Name error (3) | earthsymphzony.today | none | none | A (IP address) | IN (0x0001) | false
Mar 11, 2025 17:45:30.544462919 CET | 1.1.1.1 | 192.168.2.11 | 0x4db4 | No error (0) | steamcommunity.com | | 23.197.127.21 | A (IP address) | IN (0x0001) | false
                                                                                                                                                                                                                • steamcommunity.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.11 | 49720 | 23.197.127.21 | 443 | 7256 | C:\Users\user\Desktop\nogtpjadthaw.exe
Timestamp | Bytes transferred | Direction | Data
2025-03-11 16:45:33 UTC | 219 | OUT | GET /profiles/76561199822375128 HTTP/1.1
                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                Host: steamcommunity.com
2025-03-11 16:45:33 UTC | 1962 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED]
                                                                                                                                                                                                                Expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                Date: Tue, 11 Mar 2025 16:45:33 GMT
                                                                                                                                                                                                                Content-Length: 35725
                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                Set-Cookie: sessionid=cdc58bc6584e3f08d97eef49; Path=/; Secure; SameSite=None
                                                                                                                                                                                                                Set-Cookie: steamCountry=US%7C852cc335c9bfa05f5431530e9c06e47f; path=/; secure; HttpOnly; SameSite=None
2025-03-11 16:45:33 UTC | 14422 | IN
                                                                                                                                                                                                                Data Ascii: <!DOCTYPE html><html class=" responsive DesktopUI" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21">
2025-03-11 16:45:33 UTC | 10154 | IN
                                                                                                                                                                                                                Data Ascii: ype="selector" data-tooltip-content=".submenu_Community">COMMUNITY</a><div class="submenu_Community" style="display: none;" data-submenuid="Community"><a class="submenuitem" href="https://steamcommunity.com/">Home
2025-03-11 16:45:33 UTC | 11149 | IN
                                                                                                                                                                                                                Data Ascii: uot;EREALM&quot;:1,&quot;LOGIN_BASE_URL&quot;:&quot;https:\/\/login.steampowered.com\/&quot;,&quot;AVATAR_BASE_URL&quot;:&quot;https:\/\/avatars.fastly.steamstatic.com\/&quot;,&quot;FROM_WEB&quot;:true,&quot;WEBSITE_ID&quot;:&quot;Community&quot;,&quot;BA


                                                                                                                                                                                                                Target ID:0
                                                                                                                                                                                                                Start time:12:45:07
                                                                                                                                                                                                                Start date:11/03/2025
                                                                                                                                                                                                                Path:C:\Users\user\Desktop\nogtpjadthaw.exe
                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                Commandline:"C:\Users\user\Desktop\nogtpjadthaw.exe"
                                                                                                                                                                                                                Imagebase:0x790000
                                                                                                                                                                                                                File size:1'315'840 bytes
                                                                                                                                                                                                                MD5 hash:2E070594F72D17ABE15D822ACA9F7D40
                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                Programmed in:Borland Delphi
                                                                                                                                                                                                                Yara matches:
                                                                                                                                                                                                                • Rule: JoeSecurity_LummaCStealer_4, Description: Yara detected LummaC Stealer, Source: 00000000.00000002.1305208044.0000000000791000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                Execution Graph

                                                                                                                                                                                                                Execution Coverage:1.9%
                                                                                                                                                                                                                Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                Signature Coverage:33.3%
                                                                                                                                                                                                                Total number of Nodes:30
                                                                                                                                                                                                                Total number of Limit Nodes:1
Execution graph (rendered node/edge graph not reproduced). API functions appearing as nodes: RtlExitUserProcess, NtSetInformationFile, RtlReAllocateHeap, RtlAllocateHeap, RtlFreeHeap, NtReadFile, LdrInitializeThunk.

                                                                                                                                                                                                                Executed Functions

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1305208044.0000000000791000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
• Associated: 00000000.00000002.1305188626.0000000000790000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.00000000007E4000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.00000000007F1000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000936000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.000000000093B000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000956000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_790000_nogtpjadthaw.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                • String ID: !q"s$#yZ{$$A-C$0e=g$5]0_$8MnO$:m:o$D)F+$Zu&w$m!M#$pY-[
                                                                                                                                                                                                                • API String ID: 0-2169353099
                                                                                                                                                                                                                • Opcode ID: 5fc71818db6265832e9f4f26af54fada664ace97644ca28ba5245e9bde030b15
                                                                                                                                                                                                                • Instruction ID: de9873114a43fb55e5046959f3bd0429532970c2180077a30a38f6d463f8597e
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5fc71818db6265832e9f4f26af54fada664ace97644ca28ba5245e9bde030b15
                                                                                                                                                                                                                • Instruction Fuzzy Hash: CF0289B1201B41CFD3248F69DC95797BBF6FB89314F158A2DD4AA8BB90DB78A405CB40

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                control_flow_graph 212 84a710-84a723 213 84a725-84a749 212->213 214 84a74b-84a767 212->214 216 84a76e-84a772 213->216 214->216
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • NtCreateFile.NTDLL(?,?,?,?,?,?,?,?,?,?,?), ref: 0084A768
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1305208044.00000000007F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
• Associated: 00000000.00000002.1305188626.0000000000790000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000791000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.00000000007E4000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000936000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.000000000093B000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000956000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_790000_nogtpjadthaw.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CreateFile
                                                                                                                                                                                                                • String ID: /?w
                                                                                                                                                                                                                • API String ID: 823142352-2398211592
                                                                                                                                                                                                                • Opcode ID: 4793a65bd7cf3e281705f042eb74e304fe6e69a117ee8ebb8595ea7e9ae098ca
                                                                                                                                                                                                                • Instruction ID: a4499483b73316d4abbc93c7531c5f5b3e5f8b1655660be9113bb19beb4e36e1
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4793a65bd7cf3e281705f042eb74e304fe6e69a117ee8ebb8595ea7e9ae098ca
                                                                                                                                                                                                                • Instruction Fuzzy Hash: DA0188B6204249BF9B14CE8ADCC5DEBBBACFB8D754B444004BB1997202C230AC51CBB0

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                control_flow_graph 217 84a634-84a63b 218 84a646-84a64d 217->218 219 84a63d-84a645 217->219
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1305208044.00000000007F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
• Associated: 00000000.00000002.1305188626.0000000000790000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000791000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.00000000007E4000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000936000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.000000000093B000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000956000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_790000_nogtpjadthaw.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Close
                                                                                                                                                                                                                • String ID: `+?w
                                                                                                                                                                                                                • API String ID: 3535843008-3099938749
                                                                                                                                                                                                                • Opcode ID: bd20c40532355a8ff1a9874febf1e3c553eb0bd3fb95e2fd401614a4e5b12531
                                                                                                                                                                                                                • Instruction ID: 48894fa358cdfe005c539f30c0b9c811a7a2abb60513814c852c03f0ee7d812f
                                                                                                                                                                                                                • Opcode Fuzzy Hash: bd20c40532355a8ff1a9874febf1e3c553eb0bd3fb95e2fd401614a4e5b12531
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2AB09290E5A3482EDF25D7AA5D0C7D5298DAB88346F08C0847001C2060CB248580F665

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                control_flow_graph 326 84a6b8-84a6cb 327 84a6cd-84a6e9 326->327 328 84a6eb-84a700 NtReadFile 326->328 329 84a706-84a70a 327->329 328->329
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • NtReadFile.NTDLL(?,?,?,?,?,?,?,?,?), ref: 0084A700
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1305208044.00000000007F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
• Associated: 00000000.00000002.1305188626.0000000000790000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000791000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.00000000007E4000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000936000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.000000000093B000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000956000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_790000_nogtpjadthaw.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: FileRead
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2738559852-0
                                                                                                                                                                                                                • Opcode ID: 685541bd0a9cc8bc5dc73ed226842128c493012b85d91432e19ee889d45f9919
                                                                                                                                                                                                                • Instruction ID: 63202fad8997c2bfdbf50d114b15cb2a759bdd2e9792a6b8d14d48228d4ca092
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 685541bd0a9cc8bc5dc73ed226842128c493012b85d91432e19ee889d45f9919
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0DF0AFB660425DBF9B10CE9ADDC4DEB7B6CFB9D764B448005FA1997202C270AD50CBB1

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                control_flow_graph 343 84a650-84a662 344 84a664-84a670 343->344 345 84a672-84a677 NtSetInformationFile 343->345 346 84a67d-84a680 344->346 345->346
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • NtSetInformationFile.NTDLL(?,?,?,?,?), ref: 0084A677
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1305208044.00000000007F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
• Associated: 00000000.00000002.1305188626.0000000000790000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000791000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.00000000007E4000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000936000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.000000000093B000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000956000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_790000_nogtpjadthaw.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: FileInformation
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 4253254148-0
                                                                                                                                                                                                                • Opcode ID: b290eab9ba82601d1bc35a709d6f40c39aadf2b94c0d87534d93e206f61571bf
                                                                                                                                                                                                                • Instruction ID: ee85c1d1e7bc9ba799c19aa3a3c22769e46816367f84d2037ab5aee9b160b33f
                                                                                                                                                                                                                • Opcode Fuzzy Hash: b290eab9ba82601d1bc35a709d6f40c39aadf2b94c0d87534d93e206f61571bf
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2CE0C2A16241187EE724576BDC0CDE77F7CEBDA7B0B058019B408D7100C260AC00C2B0

Control-flow Graph

• Executed
• Not Executed
control_flow_graph 353 7db8c0-7db8ec LdrInitializeThunk
APIs
• LdrInitializeThunk.NTDLL(007DF7A3,011A3ED0,0000002C,?,?,00000018,?,00000000,?,?,?,?,00000000,00000000), ref: 007DB8E6
Memory Dump Source
• Source File: 00000000.00000002.1305208044.0000000000791000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
• Associated: 00000000.00000002.1305188626.0000000000790000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.00000000007E4000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.00000000007F1000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000936000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.000000000093B000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000956000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_790000_nogtpjadthaw.jbxd
Yara matches
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
• Opcode ID: 1bd4fc5ecdf777846d4c2a75aad9f9b4c83d5fcb34c3ccd9b36bd66a00fc2bcd
• Instruction ID: a8ccfea638103c11df03cfaac6ceaae75cd880d94a5b697ca386048228502289
• Opcode Fuzzy Hash: 1bd4fc5ecdf777846d4c2a75aad9f9b4c83d5fcb34c3ccd9b36bd66a00fc2bcd
• Instruction Fuzzy Hash: 71E02D71908216EF9E04CF45C64445EFBE5AB84718F11888DA48863220C3B0BE4AEB82
Strings
Memory Dump Source
• Source File: 00000000.00000002.1305208044.00000000007F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
• Associated: 00000000.00000002.1305188626.0000000000790000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000791000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.00000000007E4000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000936000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.000000000093B000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000956000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_790000_nogtpjadthaw.jbxd
Yara matches
Similarity
• API ID:
• String ID: \\.\
• API String ID: 0-2900601889
• Opcode ID: 48ba45aeff8bcbd7c1374a12482a26cb7f93b9c0e4e9092606bf1a44b7d89e36
• Instruction ID: 8b80b7d9fecfa5ff6efc5d9eee02c2a260b0a4b217eb304bbc8cf5ce8c214f87
• Opcode Fuzzy Hash: 48ba45aeff8bcbd7c1374a12482a26cb7f93b9c0e4e9092606bf1a44b7d89e36
• Instruction Fuzzy Hash: C1512A70A0021CDBDB25EB24CC85BEEB7B9AF49700F1045A1E608E7791DB74AE95CF51
Memory Dump Source
• Source File: 00000000.00000002.1305208044.00000000007F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
• Associated: 00000000.00000002.1305188626.0000000000790000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000791000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.00000000007E4000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000936000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.000000000093B000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000956000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_790000_nogtpjadthaw.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 5dbabf60b5e3105b81204478276134a213c02ca571a08b05bf5f67d7f9755667
• Instruction ID: 7385f66a5cd23ef333d8a0f6ad71defe46b58d0a0828d8152f929cc9e2b0821a
• Opcode Fuzzy Hash: 5dbabf60b5e3105b81204478276134a213c02ca571a08b05bf5f67d7f9755667
• Instruction Fuzzy Hash: 28113975D0160CFBCF41AB98C8849EDBBBAFF58720F1049C1B554A7291DB318A509B51
Memory Dump Source
• Source File: 00000000.00000002.1305208044.00000000007F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
• Associated: 00000000.00000002.1305188626.0000000000790000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000791000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.00000000007E4000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000936000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.000000000093B000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000956000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_790000_nogtpjadthaw.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 07a2b4f9a2af926504e180ffd17602e6afbcc797d04cbc82085d4e67e840ea34
• Instruction ID: 499589eefa48270b4d0a9cc8e6b8141e7cb605e5c5fa3a19159486f0abdf9332
• Opcode Fuzzy Hash: 07a2b4f9a2af926504e180ffd17602e6afbcc797d04cbc82085d4e67e840ea34
• Instruction Fuzzy Hash: 4B01FC70604228ABC715EB38DD55AEA77ECFB4C310F4045B1B61DD7362D6345E408950
Memory Dump Source
• Source File: 00000000.00000002.1305208044.00000000007F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
• Associated: 00000000.00000002.1305188626.0000000000790000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000791000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.00000000007E4000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000936000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.000000000093B000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000956000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_790000_nogtpjadthaw.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 09b5d102a133842556b193053f5de286db46d1de97e982ea93665c7b990029db
• Instruction ID: 6be3435a1c8ce3eda651fb14365958fd103a519f511669aa4717fe6fbd1b6456
• Opcode Fuzzy Hash: 09b5d102a133842556b193053f5de286db46d1de97e982ea93665c7b990029db
• Instruction Fuzzy Hash: EBD0C9B310020DAB8B11EEFCDD45DDB33DCEA18610B00892ABE15C7242EF34E9248BB1

Control-flow Graph

control_flow_graph 320 2f17931-2f17946 RtlExitUserProcess 321 2f17953-2f17a2c 320->321
APIs
• RtlExitUserProcess.NTDLL(?,77E8F3B0,000000FF), ref: 02F17940
Memory Dump Source
• Source File: 00000000.00000002.1306676816.0000000002F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F10000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2f10000_nogtpjadthaw.jbxd
Similarity
• API ID: ExitProcessUser
• String ID:
• API String ID: 3902816426-0
• Opcode ID: 1eca6f29a6a5f21940fdae875352023f3ffd182e9330f1bfd6c8504702f08d53
• Instruction ID: 545e2dda52c739090c86af2847dbefc522692a35a2139bd19823a56550ac6983
• Opcode Fuzzy Hash: 1eca6f29a6a5f21940fdae875352023f3ffd182e9330f1bfd6c8504702f08d53
• Instruction Fuzzy Hash: 6931F6B6D1060CEFDB01CFD1C844BEEBBB8FB14336F20861AE525A6190D7785A098F60

Control-flow Graph

control_flow_graph 331 7db860-7db871 332 7db878-7db87f 331->332 333 7db89a-7db89b call 7d9a50 331->333 334 7db8a5-7db8a6 call 7d9a70 331->334 335 7db886-7db898 call 7dd4c0 RtlReAllocateHeap 331->335 332->334 332->335 341 7db8a0-7db8a3 333->341 339 7db8ab-7db8ae 334->339 342 7db8b0-7db8b2 335->342 339->342 341->342
APIs
• RtlReAllocateHeap.NTDLL(?,00000000,?,00000000,?,00000000,0079F3E6,00000000,00000001), ref: 007DB892
Memory Dump Source
• Source File: 00000000.00000002.1305208044.0000000000791000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
• Associated: 00000000.00000002.1305188626.0000000000790000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.00000000007E4000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.00000000007F1000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000936000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.000000000093B000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000956000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_790000_nogtpjadthaw.jbxd
Yara matches
Similarity
• API ID: AllocateHeap
• String ID:
• API String ID: 1279760036-0
• Opcode ID: da77c0fcb001e89f0beee6108c26391e48fc32230f33d40992d18d488698a120
• Instruction ID: ba46d9bc003a1ef9874a1c9ab688d6dd5c8786c04d9f2759bc6a681c285aa187
• Opcode Fuzzy Hash: da77c0fcb001e89f0beee6108c26391e48fc32230f33d40992d18d488698a120
• Instruction Fuzzy Hash: C8E0E5365141A1EBD2101F38BC0AA273A78DFC6710F068436F80956251DB3DE801C2EA

Control-flow Graph

control_flow_graph 348 7d9a70-7d9a7c 349 7d9a94-7d9a95 348->349 350 7d9a83-7d9a8e call 7dd4c0 RtlFreeHeap 348->350 350->349
APIs
• RtlFreeHeap.NTDLL(?,00000000,?,007DB8AB,?,0079F3E6,00000000,00000001), ref: 007D9A8E
Memory Dump Source
• Source File: 00000000.00000002.1305208044.0000000000791000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
• Associated: 00000000.00000002.1305188626.0000000000790000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.00000000007E4000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.00000000007F1000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000936000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.000000000093B000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000956000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_790000_nogtpjadthaw.jbxd
Yara matches
Similarity
• API ID: FreeHeap
• String ID:
• API String ID: 3298025750-0
• Opcode ID: c91abace2d552d7380079c95985a3ebeef75ab59c9b5fb0f3acde6c53526da81
• Instruction ID: 5e19f64b24d8c54f95f5b6d60914bcd974baa01b8fb4e758925d2fb1b0f4d66e
• Opcode Fuzzy Hash: c91abace2d552d7380079c95985a3ebeef75ab59c9b5fb0f3acde6c53526da81
• Instruction Fuzzy Hash: 63D01231445122EBC6201F18FC0AB9F3BB4EF09720F078451B4086F175C639EC51C6D4

Control-flow Graph

control_flow_graph 354 7d9a50-7d9a67 call 7dd4c0 RtlAllocateHeap
APIs
• RtlAllocateHeap.NTDLL(?,00000000,?,?,007DB8A0), ref: 007D9A60
Memory Dump Source
• Source File: 00000000.00000002.1305208044.0000000000791000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
• Associated: 00000000.00000002.1305188626.0000000000790000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.00000000007E4000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.00000000007F1000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000936000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.000000000093B000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000956000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_790000_nogtpjadthaw.jbxd
Yara matches
Similarity
• API ID: AllocateHeap
• String ID:
• API String ID: 1279760036-0
• Opcode ID: a3722e9d66e27cf02827f24bc5037601499bba43e74342163d2057096fc393e9
• Instruction ID: 93032546e4bba92ed98f78967f47a65bcab33f4be9a3a6edb3d7ed1da2b27faf
• Opcode Fuzzy Hash: a3722e9d66e27cf02827f24bc5037601499bba43e74342163d2057096fc393e9
• Instruction Fuzzy Hash: 79C09B31055120EBC5602B14FC09FCE3F74DF45361F014091B408671B1C7747C82C6D4

Non-executed Functions

Strings
Memory Dump Source
• Source File: 00000000.00000002.1305208044.00000000007F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
• Associated: 00000000.00000002.1305188626.0000000000790000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000791000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.00000000007E4000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000936000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.000000000093B000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000956000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_790000_nogtpjadthaw.jbxd
Yara matches
Similarity
• API ID:
• String ID: %.2d$%AppName%$%AppVers%$%CU_EXECPR%$%CU_EXTFILES%$%CU_INSTSERV%$%CU_VIRTTOOLS%$%CU_WINVER%$%DaysToKeyExp%$%HardwareID%$%KeyExpDay%$%KeyExpMonth%$%KeyExpYear%$%RegKey%$%RegName%$%TrialDaysLeft%$%TrialDaysTotal%$%TrialEndDay%$%TrialEndMonth%$%TrialEndYear%$%TrialExecMinsLeft%$%TrialExecMinsTotal%$%TrialExecsLeft%$%TrialExecsTotal%$%TrialExpDay%$%TrialExpMonth%$%TrialExpYear%$%TrialStartDay%$%TrialStartMonth%$%TrialStartYear%
• API String ID: 0-4160824473
• Opcode ID: e281366c981add358b251b998fb9393ba20b1b3cf39105e26343d85773303715
• Instruction ID: a3aa924814b5d126d563de45ce2ed25b84999980608fa102a3da0b28d02d5171
• Opcode Fuzzy Hash: e281366c981add358b251b998fb9393ba20b1b3cf39105e26343d85773303715
• Instruction Fuzzy Hash: 0C62E934A00158DFDB10EB94D895FEDB7B9FF88300F1050A9A658D7356DA34AE8ACF61
Strings
Memory Dump Source
• Source File: 00000000.00000002.1305208044.0000000000791000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
• Associated: 00000000.00000002.1305188626.0000000000790000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.00000000007E4000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.00000000007F1000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000936000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.000000000093B000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000956000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_790000_nogtpjadthaw.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                • String ID: &u!w$0e;g$6EG$;i7k$XY$aurs$I$
                                                                                                                                                                                                                • API String ID: 0-2717712644
                                                                                                                                                                                                                • Opcode ID: 5ff63e602d408999a413a8e73c59cd627b1e9aad4a5c0d9794e5176dce62c8e4
                                                                                                                                                                                                                • Instruction ID: 5e4411b361e3e15c49f9c4a807026c041a49dd96d04719ea077946572ba66728
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5ff63e602d408999a413a8e73c59cd627b1e9aad4a5c0d9794e5176dce62c8e4
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7672CF72A183518FE314CF29C88175BFBE2EFC9310F19892EE5999B351D678D805CB92
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1305208044.0000000000791000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305188626.0000000000790000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.00000000007E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.00000000007F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.0000000000936000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.000000000093B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.0000000000956000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_790000_nogtpjadthaw.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                • String ID: !@ $!_(i$`$px}
                                                                                                                                                                                                                • API String ID: 0-2619104984
                                                                                                                                                                                                                • Opcode ID: e6bbf184608d654dabd94cde355ecf3f202128866bafc5e47304b3824012f9bd
                                                                                                                                                                                                                • Instruction ID: b381c3b7a19f8e3969800f82345f8c9d5994d4b56fa91f72bb9e8c59c074860a
                                                                                                                                                                                                                • Opcode Fuzzy Hash: e6bbf184608d654dabd94cde355ecf3f202128866bafc5e47304b3824012f9bd
                                                                                                                                                                                                                • Instruction Fuzzy Hash: E553D375608B40CFD324DF38C585756BBE1AF9A310F098A6DD5EA8B3A2D738E405CB52
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1305208044.0000000000791000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305188626.0000000000790000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.00000000007E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.00000000007F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.0000000000936000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.000000000093B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.0000000000956000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_790000_nogtpjadthaw.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                • String ID: $$%"#$:m2y$?m2y$}
                                                                                                                                                                                                                • API String ID: 0-169198592
                                                                                                                                                                                                                • Opcode ID: fb06aa3c88cec674983223f926c473fb5d08356e9a47bef9fad3311e8c07365c
                                                                                                                                                                                                                • Instruction ID: fc605ed423acae365adb33fd180fe4371ba01028e6a8011ff936adfa886c577e
                                                                                                                                                                                                                • Opcode Fuzzy Hash: fb06aa3c88cec674983223f926c473fb5d08356e9a47bef9fad3311e8c07365c
                                                                                                                                                                                                                • Instruction Fuzzy Hash: BDE10371608301EFD711DF24CC85B9ABBE2AF99354F148A2DF4D89B2A1D73AD944CB42
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1305208044.0000000000791000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305188626.0000000000790000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.00000000007E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.00000000007F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.0000000000936000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.000000000093B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.0000000000956000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_790000_nogtpjadthaw.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                • String ID: A$),~$S7C
                                                                                                                                                                                                                • API String ID: 0-4288236831
                                                                                                                                                                                                                • Opcode ID: ce8902d42f0633d2799f9164c9257db1e21ac5d54d5b01ed0daa3b4fa4e534b0
                                                                                                                                                                                                                • Instruction ID: bd36473ba66d18078d07d238248c28efc88f7fb82309224a3ada1ba0480ce889
                                                                                                                                                                                                                • Opcode Fuzzy Hash: ce8902d42f0633d2799f9164c9257db1e21ac5d54d5b01ed0daa3b4fa4e534b0
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8CA19BB550D3918BE338CF2A889179BFBE2AFD6314F18895DC4C88B345DB754906CB82
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1305208044.0000000000791000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305188626.0000000000790000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.00000000007E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.00000000007F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.0000000000936000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.000000000093B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.0000000000956000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_790000_nogtpjadthaw.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                • String ID: B$C$E
                                                                                                                                                                                                                • API String ID: 0-1321444221
                                                                                                                                                                                                                • Opcode ID: 493ad6c1052eddc00e480e77169bb5e84ca7ce19062fbf639d22605e7bcf88f0
                                                                                                                                                                                                                • Instruction ID: d3fb7f1375f3dea0948cec98bf8b0b807e1d781925d1774c77def3bc33d004bf
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 493ad6c1052eddc00e480e77169bb5e84ca7ce19062fbf639d22605e7bcf88f0
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 37812B33B59AD047D3188D3C8C913AAAA835BD6230B2EC77DEAB58B3E6D56C4C064351
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • NtQueryDirectoryFile.NTDLL(?,?,?,?,?,?,?,?,?,?,?), ref: 0084A3C4
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1305208044.00000000007F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305188626.0000000000790000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.0000000000791000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.00000000007E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.0000000000936000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.000000000093B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.0000000000956000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_790000_nogtpjadthaw.jbxd
Yara matches
Similarity
• API ID: DirectoryFileQuery
• String ID: -?w
• API String ID: 3295332484-2373261926
• Opcode ID: e9e361560e22ae23366a3139761306b5c5cd0e6c803a20a98ac581e3f8703d0d
• Instruction ID: dc2a72726e81c7b2f3b2f82b76ea330b671bf0f04ded377eeb1a7a52c866c8b5
• Opcode Fuzzy Hash: e9e361560e22ae23366a3139761306b5c5cd0e6c803a20a98ac581e3f8703d0d
• Instruction Fuzzy Hash: 7F019AB265529D7F9B10CE9ADCC4DEBBBADFB9E254B484444BA58D7202C230AC51C770
APIs
• NtNotifyChangeKey.NTDLL(?,?,?,?,?,?,?,?,?,?), ref: 0084A1D0
Strings
Memory Dump Source
• Source File: 00000000.00000002.1305208044.00000000007F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
• Associated: 00000000.00000002.1305188626.0000000000790000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000791000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.00000000007E4000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000936000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.000000000093B000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000956000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_790000_nogtpjadthaw.jbxd
Yara matches
Similarity
• API ID: ChangeNotify
• String ID: <?w
• API String ID: 3893256919-985178741
• Opcode ID: 87fa64820a348acd44d7cd2a7bdc790671bddd10c38f87b8a644f35e90ec64c4
• Instruction ID: cbabe38d446381be34e91f4ab3f263dfa91d225a01a4167383b1d176b465a6a6
• Opcode Fuzzy Hash: 87fa64820a348acd44d7cd2a7bdc790671bddd10c38f87b8a644f35e90ec64c4
• Instruction Fuzzy Hash: C401CDF624518D7F9B11CE9ADCC5DEBBF6DFB9E254B484045BA5987201C130AC50C7B0
APIs
• NtLockFile.NTDLL(?,?,?,?,?,?,?,?,?,?), ref: 0084A4DC
Strings
Memory Dump Source
• Source File: 00000000.00000002.1305208044.00000000007F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
• Associated: 00000000.00000002.1305188626.0000000000790000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000791000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.00000000007E4000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000936000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.000000000093B000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000956000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_790000_nogtpjadthaw.jbxd
Yara matches
Similarity
• API ID: FileLock
• String ID: 0;?w
• API String ID: 3169042693-1877926767
• Opcode ID: 2a8fbd76f6e8a80da75fa99f8a3a8aef2638b6548a6f0638a36413f4f449b98b
• Instruction ID: 4f5e46d26de2fca642ce7f216c3204ef3ec324171226bd8addd9621be1f9425a
• Opcode Fuzzy Hash: 2a8fbd76f6e8a80da75fa99f8a3a8aef2638b6548a6f0638a36413f4f449b98b
• Instruction Fuzzy Hash: 2301C2A664518D7F9B118E9ADCC8DEBBFACFB5E294B444005BA5887201C170AC51C7B0
APIs
• NtDeviceIoControlFile.NTDLL(?,?,?,?,?,?,?,?,?,?), ref: 00849BA0
Strings
Memory Dump Source
• Source File: 00000000.00000002.1305208044.00000000007F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
• Associated: 00000000.00000002.1305188626.0000000000790000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000791000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.00000000007E4000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000936000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.000000000093B000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000956000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_790000_nogtpjadthaw.jbxd
Yara matches
Similarity
• API ID: ControlDeviceFile
• String ID: *?w
• API String ID: 3512290074-2285505763
• Opcode ID: 672496331ef4a9952e6653b6961cfe63280c657d88c8c24e32bd674f17d058e8
• Instruction ID: e4e45fa16a0d0dd8facab394789edfa556311a689ac8ca5e601afefa33ff4b36
• Opcode Fuzzy Hash: 672496331ef4a9952e6653b6961cfe63280c657d88c8c24e32bd674f17d058e8
• Instruction Fuzzy Hash: DA016BB660425DBF9B10CE8ADCC4DEBBBACFB9D664B444005BB1897201C230AC50D7B0
APIs
• NtFsControlFile.NTDLL(?,?,?,?,?,?,?,?,?,?), ref: 00849EBC
Strings
Memory Dump Source
• Source File: 00000000.00000002.1305208044.00000000007F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
• Associated: 00000000.00000002.1305188626.0000000000790000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000791000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.00000000007E4000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000936000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.000000000093B000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000956000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_790000_nogtpjadthaw.jbxd
Yara matches
Similarity
• API ID: ControlFile
• String ID: .?w
• API String ID: 1795486800-622515563
• Opcode ID: 083758f4784a5d0d550a847c267ce13e1f363d7bd844bf3e58dc76613df59330
• Instruction ID: 3d447695fbfd499b41cb637700588487f1d2e9cea483923550a47f53da78cf0b
• Opcode Fuzzy Hash: 083758f4784a5d0d550a847c267ce13e1f363d7bd844bf3e58dc76613df59330
• Instruction Fuzzy Hash: 2B016FB660425DBF9710CE8ADCC4DEBBB6CFB8D694B444415BB5897211C270AC50C7B0
APIs
• NtCreateProcessEx.NTDLL(?,?,?,?,?,?,?,?,?), ref: 00849CE8
Strings
Memory Dump Source
• Source File: 00000000.00000002.1305208044.00000000007F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
• Associated: 00000000.00000002.1305188626.0000000000790000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000791000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.00000000007E4000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000936000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.000000000093B000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000956000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_790000_nogtpjadthaw.jbxd
Yara matches
Similarity
• API ID: CreateProcess
• String ID: `/?w
• API String ID: 963392458-3217876833
• Opcode ID: 16c9471c0184fd4ab4c2a15c6bb1c1c7e0a2ec072c2fe1fea479cefd24dddb1f
• Instruction ID: 05d5080c2514efaac0ca678a9eb275dc5c7f16124d8c79d99da3b87a82a38e32
• Opcode Fuzzy Hash: 16c9471c0184fd4ab4c2a15c6bb1c1c7e0a2ec072c2fe1fea479cefd24dddb1f
• Instruction Fuzzy Hash: BAF09CB660435DBF9B10CE8ADCC8DEB7BACFB8D7A4B448005BA1887241C270AD50D7B0
APIs
• NtCreateThread.NTDLL(?,?,?,?,?,?,?,?), ref: 00849C24
Strings
Memory Dump Source
• Source File: 00000000.00000002.1305208044.00000000007F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
• Associated: 00000000.00000002.1305188626.0000000000790000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000791000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.00000000007E4000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000936000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.000000000093B000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000956000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_790000_nogtpjadthaw.jbxd
Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CreateThread
                                                                                                                                                                                                                • String ID: p/?w
                                                                                                                                                                                                                • API String ID: 2422867632-4023759102
                                                                                                                                                                                                                • Opcode ID: 394c3146ffe156c7d3566a7de59590d38c8d1fdfa1008a8c7f4a14f088ec331d
                                                                                                                                                                                                                • Instruction ID: 2ae5af04635ccc0032a42f5231252dc85f17d47dbdba7066d88b3c9c2639f641
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 394c3146ffe156c7d3566a7de59590d38c8d1fdfa1008a8c7f4a14f088ec331d
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 97F0F4F661514C7F9B109E96DCC8DE77FACEB8E7A4B448459FA4987101C270AD50C7B0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • NtCreateProcess.NTDLL(?,?,?,?,?,?,?,?), ref: 00849C90
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1305208044.00000000007F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305188626.0000000000790000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.0000000000791000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.00000000007E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.0000000000936000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.000000000093B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.0000000000956000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_790000_nogtpjadthaw.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CreateProcess
                                                                                                                                                                                                                • String ID: 6?w
                                                                                                                                                                                                                • API String ID: 963392458-925837219
                                                                                                                                                                                                                • Opcode ID: aa3efefba686f83b0b5241e88f5a9f58b6518d778c3540108484c36914f2d6f5
                                                                                                                                                                                                                • Instruction ID: db0593ac8e0c051a4ac8dc8129d390846ea873cef32624ae8f799628bb5676b9
                                                                                                                                                                                                                • Opcode Fuzzy Hash: aa3efefba686f83b0b5241e88f5a9f58b6518d778c3540108484c36914f2d6f5
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 65F0D0B660424DBF9B10DE8ADCC8DE77BACFB8D7A4B444005FA0887151C230AC50D7B0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • NtAccessCheck.NTDLL(?,?,?,?,?,?,?,?), ref: 00849F44
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1305208044.00000000007F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305188626.0000000000790000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.0000000000791000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.00000000007E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.0000000000936000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.000000000093B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.0000000000956000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_790000_nogtpjadthaw.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: AccessCheck
                                                                                                                                                                                                                • String ID: p*?w
                                                                                                                                                                                                                • API String ID: 3492747997-3911086613
                                                                                                                                                                                                                • Opcode ID: 6698297d7d768b7d846aab572629e0c2e3272b9c31bd5db9822cd52f3925d073
                                                                                                                                                                                                                • Instruction ID: bbd40d4ac24e01f72521a35f7e2ffe191e200070c103547408f168cae7a1a6ec
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6698297d7d768b7d846aab572629e0c2e3272b9c31bd5db9822cd52f3925d073
                                                                                                                                                                                                                • Instruction Fuzzy Hash: CFF0B7B660525DBF9720CF8ADCC8DEB7BACEB8D6A4B448005FA0887201C270AC50D7B0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • NtCreateKey.NTDLL(?,?,?,?,?,?,?), ref: 0084A060
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1305208044.00000000007F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305188626.0000000000790000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.0000000000791000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.00000000007E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.0000000000936000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.000000000093B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.0000000000956000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_790000_nogtpjadthaw.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Create
                                                                                                                                                                                                                • String ID: `,?w
                                                                                                                                                                                                                • API String ID: 2289755597-3179960632
                                                                                                                                                                                                                • Opcode ID: 29eb3bc5557408c54c868e8d14a9de610240ec8876e97fc5914a0efe9c017fdf
                                                                                                                                                                                                                • Instruction ID: 5255a451373eae98ccb926ed87b75421f7c5aab4489ca814b506bc40e1372efa
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 29eb3bc5557408c54c868e8d14a9de610240ec8876e97fc5914a0efe9c017fdf
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 64F01CB660420CBFA714CA86EC88DEB7F6CEB897A4F008009BA1887151C271AD40C7B1
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • NtDuplicateObject.NTDLL(?,?,?,?,?,?,?), ref: 0084A42C
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1305208044.00000000007F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305188626.0000000000790000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.0000000000791000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.00000000007E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.0000000000936000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.000000000093B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.0000000000956000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_790000_nogtpjadthaw.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: DuplicateObject
                                                                                                                                                                                                                • String ID: P.?w
                                                                                                                                                                                                                • API String ID: 3677547684-1311077879
                                                                                                                                                                                                                • Opcode ID: 76471de057bbe39ffb6c5bbe4a46bd42a1c5f20341d14f8dc41937ce46c662ce
                                                                                                                                                                                                                • Instruction ID: cb2a7bae7b5af63a88b57a50fbe94b4f1e60ae44af07180e7236209b030a2a43
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 76471de057bbe39ffb6c5bbe4a46bd42a1c5f20341d14f8dc41937ce46c662ce
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 99F01CB660421C7FA7109A86DC8CDEB7B6CFB8A7A4B408415FA18C7101C270AD00C7B0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • NtCreateSection.NTDLL(?,?,?,?,?,?,?), ref: 0084A624
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1305208044.00000000007F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305188626.0000000000790000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.0000000000791000.00000040.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.1305208044.00000000007E4000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000936000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.000000000093B000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000956000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_790000_nogtpjadthaw.jbxd
Yara matches
Similarity
• API ID: CreateSection
• String ID: 0/?w
• API String ID: 2449625523-1958865091
• Opcode ID: 9ffa7ac38cf9f94c2dfc40916e7a8e7b6af21149d98928021047399e29469e3d
• Instruction ID: fb82890ced8f5e3785fb4281a3b1fde0fd66e4777b247dc417225ff9139c871d
• Opcode Fuzzy Hash: 9ffa7ac38cf9f94c2dfc40916e7a8e7b6af21149d98928021047399e29469e3d
• Instruction Fuzzy Hash: 60F01CB660425C7FA7108F96DC88DE77B6CEB8A7A4B448005F60887102C270AC00C7B0
APIs
• NtQueryValueKey.NTDLL(?,?,?,?,?,?), ref: 0084A018
Strings
Memory Dump Source
• Source File: 00000000.00000002.1305208044.00000000007F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
• Associated: 00000000.00000002.1305188626.0000000000790000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000791000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.00000000007E4000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000936000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.000000000093B000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000956000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_790000_nogtpjadthaw.jbxd
Yara matches
Similarity
• API ID: QueryValue
• String ID: +?w
• API String ID: 3660427363-2314757844
• Opcode ID: 9d1f64317058f4ac17e3ad3e70e4e0adaea685583a52773f1c1ce6f9baaaad91
• Instruction ID: 40bc716eae91d067e63f39ca0cc60a44c708ad2c3a54b0149989a87d3b4ad291
• Opcode Fuzzy Hash: 9d1f64317058f4ac17e3ad3e70e4e0adaea685583a52773f1c1ce6f9baaaad91
• Instruction Fuzzy Hash: FDE012B260515CBFA7149B46EC88DFB7F6CEBC97A4B148019F50587151D171AC40D7B1
APIs
• NtQueryObject.NTDLL(?,?,?,?,?), ref: 0084A35F
Strings
Memory Dump Source
• Source File: 00000000.00000002.1305208044.00000000007F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
• Associated: 00000000.00000002.1305188626.0000000000790000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000791000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.00000000007E4000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000936000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.000000000093B000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000956000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_790000_nogtpjadthaw.jbxd
Yara matches
Similarity
• API ID: ObjectQuery
• String ID: p+?w
• API String ID: 2748340528-3906738210
• Opcode ID: 1a26385fe547b450c58bf505e1827c39f6cda17b03047bf97c28bb1f82e7204b
• Instruction ID: d7ebda73745eab44d8d6247bfa0eb61a9f25abd11f3fef82d499c49ae212e2d5
• Opcode Fuzzy Hash: 1a26385fe547b450c58bf505e1827c39f6cda17b03047bf97c28bb1f82e7204b
• Instruction Fuzzy Hash: 79E0C2B2A051587ED7345B5AAC0CEE7BF6CEBE67B0B048419B418D3210D270AC00D2B0
APIs
• NtUnlockFile.NTDLL(?,?,?,?,?), ref: 0084A513
Strings
Memory Dump Source
• Source File: 00000000.00000002.1305208044.00000000007F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
• Associated: 00000000.00000002.1305188626.0000000000790000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000791000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.00000000007E4000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000936000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.000000000093B000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000956000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_790000_nogtpjadthaw.jbxd
Yara matches
Similarity
• API ID: FileUnlock
• String ID: 0G?w
• API String ID: 45017762-839217755
• Opcode ID: 903644e0521c45a548e831c45813e973c0aa5a6e19d16603b449a5f016383018
• Instruction ID: 94a70dc045908b677b27737df39cfc4e9247e62dd54eb15edb20ddf34567f4dd
• Opcode Fuzzy Hash: 903644e0521c45a548e831c45813e973c0aa5a6e19d16603b449a5f016383018
• Instruction Fuzzy Hash: 00E08CA1A48258BAE724579A9C0CDF77F6CEBC27B0B088019B418D3100D260AD01D2B0
APIs
• NtQueryVolumeInformationFile.NTDLL(?,?,?,?,?), ref: 0084A463
Strings
Memory Dump Source
• Source File: 00000000.00000002.1305208044.00000000007F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
• Associated: 00000000.00000002.1305188626.0000000000790000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000791000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.00000000007E4000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000936000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.000000000093B000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000956000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_790000_nogtpjadthaw.jbxd
Yara matches
Similarity
• API ID: FileInformationQueryVolume
• String ID: /?w
• API String ID: 634242254-618184540
• Opcode ID: b8a545077a167f333e2dbdd611d86c11ab7401ce7f221593ba016f745b33f4c6
• Instruction ID: d6abb346ba23ccb12bc5f7c290a97566f1bcbd229ccda5d695ef53df37f9ee42
• Opcode Fuzzy Hash: b8a545077a167f333e2dbdd611d86c11ab7401ce7f221593ba016f745b33f4c6
• Instruction Fuzzy Hash: 41E08CA16141187A9224578A9D0CEEB7F6CDBC27B0B008029B558E2101C2B1AD00C2B4
APIs
• NtQuerySecurityObject.NTDLL(?,?,?,?,?), ref: 00849E07
Strings
Memory Dump Source
• Source File: 00000000.00000002.1305208044.00000000007F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
• Associated: 00000000.00000002.1305188626.0000000000790000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000791000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.00000000007E4000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000936000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.000000000093B000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000956000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_790000_nogtpjadthaw.jbxd
Yara matches
Similarity
• API ID: ObjectQuerySecurity
• String ID: @@?w
• API String ID: 718582247-1551221826
• Opcode ID: d634f269bed3a29e185256f1998c8ce10018e59590e1de5a80e9aea37a2e2654
• Instruction ID: c3906abca7ad9f46206ce2f4fa558a30a3122964c8d52e7bd686c85f82286d54
• Opcode Fuzzy Hash: d634f269bed3a29e185256f1998c8ce10018e59590e1de5a80e9aea37a2e2654
• Instruction Fuzzy Hash: F7E0C2B16042287EE320974AEC0CDE77FACDBC27B0B008069F449D3100D2A0AD80C2F0
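Each entry above records one call into NTDLL (NtQueryValueKey, NtQueryObject, NtUnlockFile, NtQueryVolumeInformationFile, NtQuerySecurityObject) with its call-site address, while the Source File line carries the image base the dump was mapped at (Offset: 00790000). The following Python script is an added example and is not part of the Joe Sandbox report: it parses entries in this layout into records, converts each call site into an RVA using that Offset, checks the number of arguments against the documented ntdll prototype, and applies one heuristic the report itself does not state. Every String ID in this section ends in the two bytes "?w" (3F 77), so the script reads a four-printable-byte String ID back as a little-endian DWORD and reports it as a candidate pointer; treat that reading as an assumption to confirm in the dump, not as a fact from the report. SAMPLE is constructed from three of the entries on this page, trimmed to the fields the parser uses (the Associated lines and ID hashes it omits are not needed).

```python
"""Parse Joe Sandbox function-analysis entries (the layout on this page) and
cross-check them. Added example, not part of the report; SAMPLE is constructed
from entries on this page, trimmed to the fields the parser uses."""
import re
import struct
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Documented parameter counts of the ntdll prototypes named in this section.
NT_PARAM_COUNTS = {"NtCreateSection": 7, "NtQueryValueKey": 6, "NtQueryObject": 5,
                   "NtUnlockFile": 5, "NtQueryVolumeInformationFile": 5,
                   "NtQuerySecurityObject": 5, "NtTerminateProcess": 2}

SAMPLE = """\
APIs
• NtQueryValueKey.NTDLL(?,?,?,?,?,?), ref: 0084A018
• Source File: 00000000.00000002.1305208044.00000000007F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
Similarity
• API ID: QueryValue
• String ID: +?w
• Instruction Fuzzy Hash: FDE012B260515CBFA7149B46EC88DFB7F6CEBC97A4B148019F50587151D171AC40D7B1
APIs
• NtQueryObject.NTDLL(?,?,?,?,?), ref: 0084A35F
• Source File: 00000000.00000002.1305208044.00000000007F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
• API ID: ObjectQuery
• String ID: p+?w
• Instruction Fuzzy Hash: 79E0C2B2A051587ED7345B5AAC0CEE7BF6CEBE67B0B048419B418D3210D270AC00D2B0
APIs
• NtTerminateProcess.NTDLL(?,00000000), ref: 0084A2D9
• Source File: 00000000.00000002.1305208044.00000000007F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
"""

API_RE = re.compile(r"^• (?P<name>\w+)\.(?P<module>\w+)\((?P<args>[^)]*)\), ref: (?P<ref>[0-9A-Fa-f]{8})$")
FIELD_RE = re.compile(r"^• (?P<key>[^:]+): (?P<val>.*)$")
BASE_RE = re.compile(r"Offset: (?P<base>[0-9A-Fa-f]{8})")


@dataclass
class Entry:
    api: str
    module: str
    args: List[str]
    ref: int                                   # call-site VA as printed in the report
    fields: Dict[str, str] = field(default_factory=dict)

    def rva(self) -> Optional[int]:
        """Call-site RVA, using the 'Offset' (image base) from the Source File line."""
        m = BASE_RE.search(self.fields.get("Source File", ""))
        return None if m is None else self.ref - int(m.group("base"), 16)

    def prototype_ok(self) -> Optional[bool]:
        """Argument count versus the documented prototype; None if the API is unknown."""
        expected = NT_PARAM_COUNTS.get(self.api)
        return None if expected is None else len(self.args) == expected

    def string_id_as_pointer(self) -> Optional[int]:
        """Assumption, not stated by the report: a 4-printable-byte 'String ID' is a
        little-endian DWORD ('p+?w' -> 0x773F2B70). None when fewer than 4 bytes
        survived, i.e. the low byte was not printable."""
        s = self.fields.get("String ID", "")
        if len(s) != 4 or not s.isascii():
            return None
        return struct.unpack("<I", s.encode("ascii"))[0]


def parse_entries(text: str) -> List[Entry]:
    """One Entry per 'APIs' call line; the bullet fields that follow attach to it.
    Indentation and plain headers ('Strings', 'Similarity', ...) are ignored."""
    entries: List[Entry] = []
    current: Optional[Entry] = None
    for raw in text.splitlines():
        line = raw.strip()
        m = API_RE.match(line)
        if m:
            args = [a for a in m.group("args").split(",") if a]
            current = Entry(m.group("name"), m.group("module"), args, int(m.group("ref"), 16))
            entries.append(current)
        elif current is not None and (m := FIELD_RE.match(line)):
            current.fields[m.group("key")] = m.group("val")
    return entries


def summarize(entries: List[Entry]) -> Dict[str, Dict[str, object]]:
    """Per-API triage row: RVA, argc vs prototype, pointer reading, fuzzy hash."""
    rows: Dict[str, Dict[str, object]] = {}
    for e in entries:
        rva, ptr = e.rva(), e.string_id_as_pointer()
        rows[e.api] = {"ref": f"{e.ref:08X}",
                       "rva": None if rva is None else f"{rva:X}",
                       "argc": len(e.args),
                       "prototype_ok": e.prototype_ok(),
                       "string_id_ptr": None if ptr is None else f"{ptr:08X}",
                       "insn_fuzzy": e.fields.get("Instruction Fuzzy Hash")}
    return rows


if __name__ == "__main__":
    for api, row in summarize(parse_entries(SAMPLE)).items():
        print(api, row)
```

Run it directly to print one row per API. Feeding it a whole section of the report instead of SAMPLE yields the same table for every function the sandbox listed, which makes the argument-count check (all six entries on this page match their prototypes, including the literal 0 exit status passed to NtTerminateProcess) and the candidate-pointer column easy to compare against the dump.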
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • NtTerminateProcess.NTDLL(?,00000000), ref: 0084A2D9
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1305208044.00000000007F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305188626.0000000000790000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.0000000000791000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.00000000007E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.0000000000936000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.000000000093B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.0000000000956000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_790000_nogtpjadthaw.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ProcessTerminate
                                                                                                                                                                                                                • String ID: P-?w
                                                                                                                                                                                                                • API String ID: 560597551-1281608622
                                                                                                                                                                                                                • Opcode ID: 8fd684f61145dbd4691ad85a322f7f1399000755fd081da308ef3dd90a72560e
                                                                                                                                                                                                                • Instruction ID: df91fb44cb75c35cd36a390e5a77c61b93031217b525e69e005b6992679d15a6
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8fd684f61145dbd4691ad85a322f7f1399000755fd081da308ef3dd90a72560e
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3BC048D0E592947AEE1993A85E0CBB629AC97C2712F04C08870A8C10A2DAA84842F621
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • NtUnmapViewOfSection.NTDLL(00000000), ref: 0084A551
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1305208044.00000000007F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305188626.0000000000790000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.0000000000791000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.00000000007E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.0000000000936000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.000000000093B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.0000000000956000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_790000_nogtpjadthaw.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: SectionUnmapView
                                                                                                                                                                                                                • String ID: 0-?w
                                                                                                                                                                                                                • API String ID: 498011366-2001026221
                                                                                                                                                                                                                • Opcode ID: 9e295d0d2622235da32fe712863e5e05f0439549de9f165cbd5fbe8d6a6a01ac
                                                                                                                                                                                                                • Instruction ID: 863382e19b239a62d0b8b677544fbb7a968b1730a38c00b43a03daf0e0184320
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9e295d0d2622235da32fe712863e5e05f0439549de9f165cbd5fbe8d6a6a01ac
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 29C04CD0E1814439EE1693A85E0CBB6255E97C0B05F0584487050C1065C664DA44E321
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1305208044.0000000000791000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305188626.0000000000790000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.00000000007E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.00000000007F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.0000000000936000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.000000000093B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.0000000000956000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_790000_nogtpjadthaw.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                • String ID: 0$8
                                                                                                                                                                                                                • API String ID: 0-46163386
                                                                                                                                                                                                                • Opcode ID: 02a6200c8b2449dd38a75b89d790011da218abbf87e142003d39d859e5145057
                                                                                                                                                                                                                • Instruction ID: e9a36a6675dd2b94edb3d57415a57e87e097ac02a5b9109ae85970df42d50d3a
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 02a6200c8b2449dd38a75b89d790011da218abbf87e142003d39d859e5145057
                                                                                                                                                                                                                • Instruction Fuzzy Hash: FC7243711083409FDB54CF18D884BAABBE1BF89314F04892DF8998B392D779D959CB93
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1305208044.0000000000791000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305188626.0000000000790000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.00000000007E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.00000000007F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.0000000000936000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.000000000093B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.0000000000956000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_790000_nogtpjadthaw.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                • String ID: ? $\#
                                                                                                                                                                                                                • API String ID: 0-2480481878
                                                                                                                                                                                                                • Opcode ID: 477f6d63fb6292eef42ebd80aa39452923bd33246c569d7b342c363ebc280377
                                                                                                                                                                                                                • Instruction ID: 080845f5c99f100f6c68a4a483c7ae0d36082a44a9903f8cd6dcc5a0c6bc9fff
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 477f6d63fb6292eef42ebd80aa39452923bd33246c569d7b342c363ebc280377
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 457237B0616B808FD365CF39C8917A3BBE9AB59304F14486ED1EEC7342CB78A541CB56
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1305208044.00000000007F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305188626.0000000000790000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.0000000000791000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.00000000007E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.0000000000936000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.000000000093B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.0000000000956000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_790000_nogtpjadthaw.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                • String ID: 0$ZwQuerySection, Unsupported class %d
                                                                                                                                                                                                                • API String ID: 0-2380292483
                                                                                                                                                                                                                • Opcode ID: 372e837c3582d61d11dd4a0ff3b2395e5ed7eef2c1e104001701f89a2f5e8761
                                                                                                                                                                                                                • Instruction ID: 09ae19f45a992c9aaee7cbf2ffa37b828a611cd6b5e79a4e2e23b5b9f8a04fa3
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 372e837c3582d61d11dd4a0ff3b2395e5ed7eef2c1e104001701f89a2f5e8761
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3AF1D0B4A40249DFDB04DF68C980AAAB7F1FF49304F2585A9E814EB351DB34ED41CB65
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1305208044.00000000007F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305188626.0000000000790000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.0000000000791000.00000040.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.1305208044.00000000007E4000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000936000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.000000000093B000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000956000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_790000_nogtpjadthaw.jbxd
Yara matches
Similarity
• API ID:
• String ID: #$ZwQueryValueKey, unsupported class %d
• API String ID: 0-453009116
• Opcode ID: f56de002ff7ec9cabf381918651432c9e83b221312d939dd9199c5e3f2b4cc05
• Instruction ID: a812a21dc3716370dc55f5679d697f7e51a211c323b8bb6b10a7024899966e16
• Opcode Fuzzy Hash: f56de002ff7ec9cabf381918651432c9e83b221312d939dd9199c5e3f2b4cc05
• Instruction Fuzzy Hash: 7CB1C674A00509AFDB40EFA8C886AAEB7F5FF88314F14C169A914DB315DB74EE41CB91
Strings
Memory Dump Source
• Source File: 00000000.00000002.1305208044.0000000000791000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
• Associated: 00000000.00000002.1305188626.0000000000790000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.00000000007E4000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.00000000007F1000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000936000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.000000000093B000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000956000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_790000_nogtpjadthaw.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID: 0-3916222277
• Opcode ID: 65fd4bac815d7df12c107934dc088f07f1081b9cf58d3441747d8e15189e9d42
• Instruction ID: 5e9f1d734ebb048135859fe140f47631c4f4265758fc31fdf4f89f528da350f8
• Opcode Fuzzy Hash: 65fd4bac815d7df12c107934dc088f07f1081b9cf58d3441747d8e15189e9d42
• Instruction Fuzzy Hash: 09C2F671A086918FC719CB3CC89439DBFE1AB96324F1983ACD4A99B3D1D7789841CB91
Strings
Memory Dump Source
• Source File: 00000000.00000002.1305208044.00000000007F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
• Associated: 00000000.00000002.1305188626.0000000000790000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000791000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.00000000007E4000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000936000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.000000000093B000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000956000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_790000_nogtpjadthaw.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID: 0-3916222277
• Opcode ID: cdc6b0ac0583f73ff55a2437943e5d23bc6cb4bd592f5b03fc81500c2fb9aa22
• Instruction ID: 2d91317b761e2604b64c836b050c117d95c673404ea2f7d3998fe9aa9ea5ba01
• Opcode Fuzzy Hash: cdc6b0ac0583f73ff55a2437943e5d23bc6cb4bd592f5b03fc81500c2fb9aa22
• Instruction Fuzzy Hash: E482E134A00608DFCB04DFA8C589AAEB7F1FF49310F2685A4E855DB366DB70AE41DB51
Strings
Memory Dump Source
• Source File: 00000000.00000002.1305208044.00000000007F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
• Associated: 00000000.00000002.1305188626.0000000000790000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000791000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.00000000007E4000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000936000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.000000000093B000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000956000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_790000_nogtpjadthaw.jbxd
Yara matches
Similarity
• API ID:
• String ID: MZP
• API String ID: 0-2889622443
• Opcode ID: 0e8d8ddb83c184bd7e8461b9246ff63f63c55d58a959126d0e016a669ac3a08e
• Instruction ID: a91cd6685d9785496ee9020531cb78e985e128ab2d9e63be9a045855970518ed
• Opcode Fuzzy Hash: 0e8d8ddb83c184bd7e8461b9246ff63f63c55d58a959126d0e016a669ac3a08e
• Instruction Fuzzy Hash: 3112D374A00209DFDB14EFA8C885FAEB7B5FB48700F148165E604EB395DB74AD42CBA1
Strings
Memory Dump Source
• Source File: 00000000.00000002.1305208044.0000000000791000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
• Associated: 00000000.00000002.1305188626.0000000000790000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.00000000007E4000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.00000000007F1000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000936000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.000000000093B000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000956000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_790000_nogtpjadthaw.jbxd
Yara matches
Similarity
• API ID:
• String ID: a
• API String ID: 0-3904355907
• Opcode ID: 23bbc67ec9f2f440247ac80384d749b4914663c150ffd07948e5e144918d0d2b
• Instruction ID: 5253a4456a539414856cdf870978094816ea57d4edc35407357bfee9dc87d535
• Opcode Fuzzy Hash: 23bbc67ec9f2f440247ac80384d749b4914663c150ffd07948e5e144918d0d2b
• Instruction Fuzzy Hash: 0CE17570A18300DFDB18CF18D884B6ABBE1BF88314F14892DF98997251E778EC45CB92
APIs
• NtCreateUserProcess.NTDLL(?,?,?,?,?,?,?,?,?,?,?), ref: 00849D50
Memory Dump Source
• Source File: 00000000.00000002.1305208044.00000000007F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
• Associated: 00000000.00000002.1305188626.0000000000790000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000791000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.00000000007E4000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000936000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.000000000093B000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000956000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_790000_nogtpjadthaw.jbxd
Yara matches
Similarity
• API ID: CreateProcessUser
• String ID:
• API String ID: 2217836671-0
• Opcode ID: f443d7a06a20c18c3b06d7af3f8d7422094a529293eeec764a38d788a561bfce
• Instruction ID: efdc9b246bf1ea006772abb774783431084560e1116d14354b1500458b67bf61
• Opcode Fuzzy Hash: f443d7a06a20c18c3b06d7af3f8d7422094a529293eeec764a38d788a561bfce
• Instruction Fuzzy Hash: 460148B6604259BF9B10CE8ADCC4DDBBBACFB8D664B844415BB1897242C270AC51CBB0
APIs
• NtMapViewOfSection.NTDLL(?,?,?,?,?,?,?,?,?,?), ref: 0084A5DC
Memory Dump Source
• Source File: 00000000.00000002.1305208044.00000000007F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
• Associated: 00000000.00000002.1305188626.0000000000790000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000791000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.00000000007E4000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000936000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.000000000093B000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000956000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_790000_nogtpjadthaw.jbxd
Yara matches
Similarity
• API ID: SectionView
• String ID:
                                                                                                                                                                                                                • API String ID: 1323581903-0
                                                                                                                                                                                                                • Opcode ID: 1d0bf77d148e5e99b67879033a2387986edf96b2128e3cf390a308142d82cb98
                                                                                                                                                                                                                • Instruction ID: ba4fc2eca9dbd9740898cc93ce847eb91c215d350c33c795f41a591266f5bbe7
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1d0bf77d148e5e99b67879033a2387986edf96b2128e3cf390a308142d82cb98
                                                                                                                                                                                                                • Instruction Fuzzy Hash: F1017DB660425DBF9B14CE8ADCC5DEBBB6CFB8D794B444005BB1997202C270AC50CBB1
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • NtWriteFile.NTDLL(?,?,?,?,?,?,?,?,?), ref: 0084A328
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1305208044.00000000007F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305188626.0000000000790000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.0000000000791000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.00000000007E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.0000000000936000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.000000000093B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.0000000000956000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_790000_nogtpjadthaw.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: FileWrite
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3934441357-0
                                                                                                                                                                                                                • Opcode ID: 73eb464776159fe33eebce360b03645534a2139363bb1525225538a538a71f67
                                                                                                                                                                                                                • Instruction ID: 9972310571abddb1e78b63c4f6962c9ebab0c5ce1bc23f97a94ddd44bf6650bb
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 73eb464776159fe33eebce360b03645534a2139363bb1525225538a538a71f67
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 13F09CB664424DBF9710CE8ADCC8DEB7B6CFB8D764B548409BA1897201C270AD50C7B1
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • NtNotifyChangeDirectoryFile.NTDLL(?,?,?,?,?,?,?,?,?), ref: 00849E5C
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1305208044.00000000007F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305188626.0000000000790000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.0000000000791000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.00000000007E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.0000000000936000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.000000000093B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.0000000000956000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_790000_nogtpjadthaw.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ChangeDirectoryFileNotify
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1357473996-0
                                                                                                                                                                                                                • Opcode ID: 0b40ab1b0f4a0ce7d87ae61666b68c40969ca7b7ede04179a703dd0f90d0fc8a
                                                                                                                                                                                                                • Instruction ID: ba0ff413497ce0646d98f9b6293542ffda1e0e2d770947ee4f07969a487c66c4
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0b40ab1b0f4a0ce7d87ae61666b68c40969ca7b7ede04179a703dd0f90d0fc8a
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3EF0AFB660525D7F9710CE9ADCC4DEB7B6CFB9D6A4B448015FA5897202C270AD50C7B0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • NtSetValueKey.NTDLL(?,?,?,?,?,?), ref: 0084A0E0
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1305208044.00000000007F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305188626.0000000000790000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.0000000000791000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.00000000007E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.0000000000936000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.000000000093B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.0000000000956000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_790000_nogtpjadthaw.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Value
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3702945584-0
                                                                                                                                                                                                                • Opcode ID: 91bead0aa1ad51737e4bd1e2a7d6bc8b66871dc3998e76d10f943dbf44623bf9
                                                                                                                                                                                                                • Instruction ID: 0e5d0e9004a750f9391978c94b266ee28506f5889046f4eaebc783b9b6051602
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 91bead0aa1ad51737e4bd1e2a7d6bc8b66871dc3998e76d10f943dbf44623bf9
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6EE012B664425CBFA7148B56DC48DF77F6DEBCA7A4F048019B50887150C1716C40D7B0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • NtEnumerateKey.NTDLL(?,?,?,?,?,?), ref: 0084A0A0
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1305208044.00000000007F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305188626.0000000000790000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.0000000000791000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.00000000007E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.0000000000936000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.000000000093B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.0000000000956000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_790000_nogtpjadthaw.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Enumerate
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 304946047-0
                                                                                                                                                                                                                • Opcode ID: 532923a7ec305fb397a912691510be7928e172de7d8dc56226e9eb3bec2ae29a
                                                                                                                                                                                                                • Instruction ID: e4d75d7fa7e68cc4b6fa76a84f6bdfaf87ce71b9bee4ee91c8fa5117babd4765
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 532923a7ec305fb397a912691510be7928e172de7d8dc56226e9eb3bec2ae29a
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 93E012B361425CBFA7258B56DC49DE77F6CEBC57A4B008019B50487191C1716C40C7B1
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • NtQueryMultipleValueKey.NTDLL(?,?,?,?,?,?), ref: 0084A210
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1305208044.00000000007F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305188626.0000000000790000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.0000000000791000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.00000000007E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.0000000000936000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.000000000093B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.0000000000956000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_790000_nogtpjadthaw.jbxd
Yara matches
Similarity
• API ID: MultipleQueryValue
• String ID:
• API String ID: 23559346-0
• Opcode ID: 7b80b8664be8637144b6ddb9057eda554d130cad5d092f73b832bc6c8deb002b
• Instruction ID: 8c5a4fe66d3a338d9aafd715953ce102a3badc58f85a7b61ef50f7b5c97301bc
• Opcode Fuzzy Hash: 7b80b8664be8637144b6ddb9057eda554d130cad5d092f73b832bc6c8deb002b
• Instruction Fuzzy Hash: 41E012B260515C7FA7148B96DC88DEB7F6DEBC97A4B408019F50487141D2716D40D7B0
APIs
• NtOpenFile.NTDLL(?,?,?,?,?,?), ref: 0084A7A8
Memory Dump Source
• Source File: 00000000.00000002.1305208044.00000000007F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
• Associated: 00000000.00000002.1305188626.0000000000790000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000791000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.00000000007E4000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000936000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.000000000093B000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000956000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_790000_nogtpjadthaw.jbxd
Yara matches
Similarity
• API ID: FileOpen
• String ID:
• API String ID: 2669468079-0
• Opcode ID: 0a8816444154f82ab67294dcb9c67d15fccb9e38f9cb0f0fc63beceb65ac61b6
• Instruction ID: 4a9abe2562cc529c8c8bb606f0412fac14e55124cfb4bdb9bf328090a04077de
• Opcode Fuzzy Hash: 0a8816444154f82ab67294dcb9c67d15fccb9e38f9cb0f0fc63beceb65ac61b6
• Instruction Fuzzy Hash: 82E0EDA665925C7FA6249B86DC8CDF77F6CEBC67B4B008419B50587141C1706C40C6B0
APIs
• NtEnumerateValueKey.NTDLL(?,?,?,?,?,?), ref: 00849FA4
Memory Dump Source
• Source File: 00000000.00000002.1305208044.00000000007F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
• Associated: 00000000.00000002.1305188626.0000000000790000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000791000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.00000000007E4000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000936000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.000000000093B000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000956000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_790000_nogtpjadthaw.jbxd
Yara matches
Similarity
• API ID: EnumerateValue
• String ID:
• API String ID: 1749906896-0
• Opcode ID: 565b4baa00c36f2046c0f61a0d31bb8dedba3f2bee4d4f3b15a785ff8cf955f6
• Instruction ID: 386bff2a2e7a7f06fee054f7bf8a2fa5b8cc036b33a49df5169a7cdd1b354771
• Opcode Fuzzy Hash: 565b4baa00c36f2046c0f61a0d31bb8dedba3f2bee4d4f3b15a785ff8cf955f6
• Instruction Fuzzy Hash: EBE0EDA261425CBFA7209B56DC8CDE77F6CEBCA7A4B008019F515C7141C671AC45C6B0
APIs
• NtQuerySection.NTDLL(?,?,?,?,?), ref: 0084A57F
Memory Dump Source
• Source File: 00000000.00000002.1305208044.00000000007F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
• Associated: 00000000.00000002.1305188626.0000000000790000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000791000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.00000000007E4000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000936000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.000000000093B000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000956000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_790000_nogtpjadthaw.jbxd
Yara matches
Similarity
• API ID: QuerySection
• String ID:
• API String ID: 1985485932-0
• Opcode ID: b6b128c01b80131f1ceaa4bfa7a56fcc822d3212494096e8a9fc08250a8829e4
• Instruction ID: 25f385e0936595dacdce567c1a5a8d77d43f5c5971e7e4974b87278f878f3724
• Opcode Fuzzy Hash: b6b128c01b80131f1ceaa4bfa7a56fcc822d3212494096e8a9fc08250a8829e4
• Instruction Fuzzy Hash: D3E08CA1A082287E9624579A9D0CEEB7F7CEBC67B0B008019B418D2101C260AD04C2B0
APIs
• NtQueryInformationFile.NTDLL(?,?,?,?,?), ref: 0084A6AB
Memory Dump Source
• Source File: 00000000.00000002.1305208044.00000000007F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
• Associated: 00000000.00000002.1305188626.0000000000790000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000791000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.00000000007E4000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000936000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.000000000093B000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000956000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_790000_nogtpjadthaw.jbxd
Yara matches
Similarity
• API ID: FileInformationQuery
• String ID:
• API String ID: 365787318-0
• Opcode ID: d12b113aefd942643d1aa87980fdf01c886bfaf3c242b3d5b58d06f77b9b2362
• Instruction ID: 471a8d51c4489a33748a6b4f489b798b91a7232282aa61666c67806436ceb000
• Opcode Fuzzy Hash: d12b113aefd942643d1aa87980fdf01c886bfaf3c242b3d5b58d06f77b9b2362
• Instruction Fuzzy Hash: 1EE08CA1A042287E9624564BDC0CEE77F6CEBDA7B0B058019F808D3100C260AC44C2B0
APIs
• NtQueryInformationProcess.NTDLL(?,?,?,?,?), ref: 00849BD7
Memory Dump Source
• Source File: 00000000.00000002.1305208044.00000000007F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
• Associated: 00000000.00000002.1305188626.0000000000790000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000791000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.00000000007E4000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000936000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.000000000093B000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000956000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_790000_nogtpjadthaw.jbxd
Yara matches
Similarity
• API ID: InformationProcessQuery
• String ID:
• API String ID: 1778838933-0
• Opcode ID: 87ce55d5e6cc9f5485f6415b073b5028157cc8bf5bd94878b391ada0d227d773
• Instruction ID: 5a780d3d9a6e1c21776a1006b951fad465ba8a370165905ef9ad44617079a020
• Opcode Fuzzy Hash: 87ce55d5e6cc9f5485f6415b073b5028157cc8bf5bd94878b391ada0d227d773
• Instruction Fuzzy Hash: 39E012A261416C7EE7205B9AAC0CDE77FACDBC67B0B04C55DF488D3550C270AC50D6B0
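The IDA-plugin records above are verbose and repetitive: each one documents a single function that makes exactly one NTDLL call (NtOpenFile, NtEnumerateValueKey, NtQuerySection, NtQueryInformationFile, NtQueryInformationProcess), all at virtual addresses within a few kilobytes of each other in the image dumped at Offset 00790000. The Python script below is an added example, not part of the Joe Sandbox report or its tooling. It parses a trimmed copy of four of these records (constructed from the lines above), converts each "ref:" virtual address into an RVA against the dump's Offset, counts the call's argument placeholders, and measures how tightly the NTDLL-calling functions cluster. The regular expressions, the record layout they assume, and the "thin syscall wrapper" reading in wrapper_span are this example's own assumptions.

```python
"""Compact the Joe Sandbox IDA-plugin function records into one row per function.

Added example; not part of the Joe Sandbox report. The regexes assume the
record layout seen on the page: an 'APIs' header, a bullet with
'<Api>.<Module>(<args>), ref: <VA>', a 'Source File: ... Offset: <base>' line,
an 'API ID' bullet and an 'Instruction Fuzzy Hash' bullet.
"""
import re
from dataclasses import dataclass

# Constructed input: four records copied from the report, trimmed to the
# lines this parser needs (the Associated/Snapshot lines are dropped).
SAMPLE_RECORDS = """\
APIs
• NtOpenFile.NTDLL(?,?,?,?,?,?), ref: 0084A7A8
Memory Dump Source
• Source File: 00000000.00000002.1305208044.00000000007F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
Similarity
• API ID: FileOpen
• API String ID: 2669468079-0
• Instruction Fuzzy Hash: 82E0EDA665925C7FA6249B86DC8CDF77F6CEBC67B4B008419B50587141C1706C40C6B0
APIs
• NtEnumerateValueKey.NTDLL(?,?,?,?,?,?), ref: 00849FA4
Memory Dump Source
• Source File: 00000000.00000002.1305208044.00000000007F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
Similarity
• API ID: EnumerateValue
• API String ID: 1749906896-0
• Instruction Fuzzy Hash: EBE0EDA261425CBFA7209B56DC8CDE77F6CEBCA7A4B008019F515C7141C671AC45C6B0
APIs
• NtQuerySection.NTDLL(?,?,?,?,?), ref: 0084A57F
Memory Dump Source
• Source File: 00000000.00000002.1305208044.00000000007F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
Similarity
• API ID: QuerySection
• API String ID: 1985485932-0
• Instruction Fuzzy Hash: D3E08CA1A082287E9624579A9D0CEEB7F7CEBC67B0B008019B418D2101C260AD04C2B0
APIs
• NtQueryInformationProcess.NTDLL(?,?,?,?,?), ref: 00849BD7
Memory Dump Source
• Source File: 00000000.00000002.1305208044.00000000007F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
Similarity
• API ID: InformationProcessQuery
• API String ID: 1778838933-0
• Instruction Fuzzy Hash: 39E012A261416C7EE7205B9AAC0CDE77FACDBC67B0B04C55DF488D3550C270AC50D6B0
"""

API_RE = re.compile(r"^• (?P<api>\w+)\.(?P<mod>\w+)\((?P<args>[^)]*)\), ref: (?P<va>[0-9A-Fa-f]{8})$")
OFFSET_RE = re.compile(r"Offset: (?P<base>[0-9A-Fa-f]{8})")
API_ID_RE = re.compile(r"^• API ID: (?P<id>.*)$")
FUZZY_RE = re.compile(r"^• Instruction Fuzzy Hash: (?P<h>[0-9A-Fa-f]+)$")


@dataclass(frozen=True)
class FunctionRecord:
    api: str          # e.g. NtOpenFile
    module: str       # e.g. NTDLL
    argc: int         # number of '?' placeholders in the call
    va: int           # virtual address of the call site ('ref:')
    base: int         # module base taken from the dump's 'Offset:'
    api_id: str       # Joe Sandbox API ID label
    fuzzy_hash: str   # Instruction Fuzzy Hash as printed

    @property
    def rva(self) -> int:
        """Offset of the call site relative to the dumped module base."""
        return self.va - self.base


def _finish(fields: dict) -> FunctionRecord:
    missing = {"api", "module", "argc", "va", "base", "api_id", "fuzzy_hash"} - fields.keys()
    if missing:
        raise ValueError(f"incomplete record for {fields.get('api', '?')}: missing {sorted(missing)}")
    return FunctionRecord(**fields)


def parse_records(text: str) -> list[FunctionRecord]:
    """Split the report text on 'APIs' headers and pull one record out of each block."""
    records: list[FunctionRecord] = []
    cur: dict | None = None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "APIs":
            if cur is not None:
                records.append(_finish(cur))
            cur = {}
            continue
        if cur is None:
            continue
        if (m := API_RE.match(line)):
            cur["api"], cur["module"] = m["api"], m["mod"]
            cur["argc"] = len([a for a in m["args"].split(",") if a.strip()])
            cur["va"] = int(m["va"], 16)
        elif (m := OFFSET_RE.search(line)):
            cur["base"] = int(m["base"], 16)
        elif (m := API_ID_RE.match(line)):
            cur["api_id"] = m["id"].strip()
        elif (m := FUZZY_RE.match(line)):
            cur["fuzzy_hash"] = m["h"].upper()
    if cur is not None:
        records.append(_finish(cur))
    return records


def summary_rows(records: list[FunctionRecord]) -> list[tuple]:
    """One (api, VA, RVA, argc, api_id) row per function, ordered by address."""
    rows = [(r.api, f"{r.va:08X}", f"{r.rva:08X}", r.argc, r.api_id) for r in records]
    return sorted(rows, key=lambda row: row[1])


def wrapper_span(records: list[FunctionRecord]) -> tuple[int, int, int]:
    """(lowest RVA, highest RVA, span in bytes) over the NTDLL-calling records.
    A tight span of one-call functions is consistent with a block of thin
    wrappers around run-time-resolved NTDLL exports; that reading is this
    example's interpretation, not a statement made by the report."""
    rvas = sorted(r.rva for r in records if r.module.upper() == "NTDLL")
    return rvas[0], rvas[-1], rvas[-1] - rvas[0]


if __name__ == "__main__":
    recs = parse_records(SAMPLE_RECORDS)
    for row in summary_rows(recs):
        print("%-26s VA=%s RVA=%s argc=%d (%s)" % row)
    lo, hi, span = wrapper_span(recs)
    print(f"NTDLL wrappers occupy RVA {lo:#x}..{hi:#x} ({span} bytes)")
```

The RVA column is what you need to find the same call site in the dumped .sdmp file loaded into a disassembler at a different base, or in the on-disk sample after rebasing; the Joe Sandbox fuzzy hashes are kept verbatim because their comparison algorithm is not documented on the page and is not reimplemented here.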
APIs
• NtSetVolumeInformationFile.NTDLL(?,?,?,?,?), ref: 00849DB3
Memory Dump Source
• Source File: 00000000.00000002.1305208044.00000000007F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
• Associated: 00000000.00000002.1305188626.0000000000790000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000791000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.00000000007E4000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000936000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.000000000093B000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000956000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_790000_nogtpjadthaw.jbxd
Yara matches
Similarity
• API ID: FileInformationVolume
• String ID:
• API String ID: 2893123674-0
• Opcode ID: 09aba5b0084e626d14fb6af40300c8938f3beff52caa93f53da5cf8348618355
• Instruction ID: 51b5f37880ce012c4b9cddac6cab9ba69e8e992e0d9d51322754741b553f0189
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 09aba5b0084e626d14fb6af40300c8938f3beff52caa93f53da5cf8348618355
                                                                                                                                                                                                                • Instruction Fuzzy Hash: F8E08CA2A0835C7EE721564AAC0CEEB7F6CEBC27B4B048019F448D2140C260AC40C2B0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • NtQueryKey.NTDLL(?,?,?,?,?), ref: 00849FDB
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1305208044.00000000007F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305188626.0000000000790000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.0000000000791000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.00000000007E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.0000000000936000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.000000000093B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.0000000000956000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_790000_nogtpjadthaw.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Query
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3850148591-0
                                                                                                                                                                                                                • Opcode ID: 94870bc5fff28557254f0437f540c0b2d17a079c1e4812f6e3839a3a1afab894
                                                                                                                                                                                                                • Instruction ID: 7f6646ba29c150098ecabfffe9e79b9467609279e85c6f44dd0eb819cbb7df11
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 94870bc5fff28557254f0437f540c0b2d17a079c1e4812f6e3839a3a1afab894
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 60E0ECA1A182587ED7209B5BDC0CEE77F6CEBC6BB1B148119F499D2110D660AC45D2B0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • NtSetInformationKey.NTDLL(?,?,?,?), ref: 0084A29D
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1305208044.00000000007F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305188626.0000000000790000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.0000000000791000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.00000000007E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.0000000000936000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.000000000093B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.0000000000956000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_790000_nogtpjadthaw.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Information
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2951059284-0
                                                                                                                                                                                                                • Opcode ID: 5469c80e380a915c23a14dba3123e6002057699f147714aef80df5086a1b8908
                                                                                                                                                                                                                • Instruction ID: 5fd75892882ee577e40f3824f62ebb2a86c632d4fb9b103fc472facc85ffabd3
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5469c80e380a915c23a14dba3123e6002057699f147714aef80df5086a1b8908
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 20D05EE1A263387FE2145799EC0DEF77E5CDB857A0B008165B009D6010C2B16C40E2F1
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • NtOpenKeyEx.NTDLL(?,?,?,?), ref: 00849D81
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1305208044.00000000007F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305188626.0000000000790000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.0000000000791000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.00000000007E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.0000000000936000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.000000000093B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.0000000000956000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_790000_nogtpjadthaw.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Open
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 71445658-0
                                                                                                                                                                                                                • Opcode ID: df405365a547ce9530a7f2b5637da5b7fccfdfb7bb46d576adb47b3b6fc87459
                                                                                                                                                                                                                • Instruction ID: 7f99d5633a6bdc1e1f84ca04fecdf0d0b18f3407592418df1fa773940c23b60a
                                                                                                                                                                                                                • Opcode Fuzzy Hash: df405365a547ce9530a7f2b5637da5b7fccfdfb7bb46d576adb47b3b6fc87459
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 24D05EA1D152687EF72053999D0CEF33E9CDB853A4F808019F045D2041D2A06C40D2B0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1305208044.00000000007F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305188626.0000000000790000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.0000000000791000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.00000000007E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.0000000000936000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.000000000093B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.0000000000956000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_790000_nogtpjadthaw.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Open
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 71445658-0
                                                                                                                                                                                                                • Opcode ID: 0c6ac3aff2a4808de79e57ebfcc7da7b8e1086426c5262e52c52c2c00e4613ba
                                                                                                                                                                                                                • Instruction ID: e42900d0cb9c546be17bf9d65ad559a639b1d5d3f8939c72abbb688c94c52bf3
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0c6ac3aff2a4808de79e57ebfcc7da7b8e1086426c5262e52c52c2c00e4613ba
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 07C04CD0E283447DFE655368DC0DFF7155DD7C2706F04914CB064C1094DA646C46E630
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                • Rijndael: Invalid key size - %d, xrefs: 0083303F
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1305208044.00000000007F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305188626.0000000000790000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.0000000000791000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.00000000007E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.0000000000936000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.000000000093B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.0000000000956000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_790000_nogtpjadthaw.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                • String ID: Rijndael: Invalid key size - %d
                                                                                                                                                                                                                • API String ID: 0-1845578026
                                                                                                                                                                                                                • Opcode ID: 021e181608670fe101d56d31629d7cbc62ce5b12c9e9d8b481d8df4e3b45e2f1
                                                                                                                                                                                                                • Instruction ID: 18bb41d563bcec06512cf5fdd5f303c2b7f57fa428d775512b9b684521eb36ba
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 021e181608670fe101d56d31629d7cbc62ce5b12c9e9d8b481d8df4e3b45e2f1
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7BB17B30A0528A9FDF14CFA8C5906EEBBF1FF89300F6544A9D855EB306D631AB05CB91
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1305208044.0000000000791000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_790000_nogtpjadthaw.jbxd
Yara matches
Similarity
• API ID:
• String ID: CXNt
• API String ID: 0-4091052137
Strings
• ZwQueryKey, unsupported class %d, xrefs: 008CC727
Memory Dump Source
• Source File: 00000000.00000002.1305208044.00000000007F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_790000_nogtpjadthaw.jbxd
Yara matches
Similarity
• API ID:
• String ID: ZwQueryKey, unsupported class %d
• API String ID: 0-3838701109
Strings
Memory Dump Source
• Source File: 00000000.00000002.1305208044.00000000007F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_790000_nogtpjadthaw.jbxd
Yara matches
Similarity
• API ID:
• String ID: f
• API String ID: 0-1993550816
Strings
Memory Dump Source
• Source File: 00000000.00000002.1305208044.00000000007F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_790000_nogtpjadthaw.jbxd
Yara matches
Similarity
• API ID:
• String ID: f
• API String ID: 0-1993550816
Strings
Memory Dump Source
• Source File: 00000000.00000002.1305208044.00000000007F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_790000_nogtpjadthaw.jbxd
Yara matches
Similarity
• API ID:
• String ID: f
• API String ID: 0-1993550816
Strings
Memory Dump Source
• Source File: 00000000.00000002.1305208044.0000000000791000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_790000_nogtpjadthaw.jbxd
Yara matches
Similarity
• API ID:
• String ID: ?@
• API String ID: 0-550213541
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1305208044.0000000000791000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305188626.0000000000790000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.00000000007E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.00000000007F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.0000000000936000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.000000000093B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.0000000000956000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_790000_nogtpjadthaw.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                • String ID: T
                                                                                                                                                                                                                • API String ID: 0-3187964512
                                                                                                                                                                                                                • Opcode ID: 84575df33d780a879f86819306e5745679cd8990a08dcf010a94352041c3732b
                                                                                                                                                                                                                • Instruction ID: 6c77d0009e881b56896dc05dce11b97dcb3a990b8d845ab3c8f7c61818e9ee82
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 84575df33d780a879f86819306e5745679cd8990a08dcf010a94352041c3732b
                                                                                                                                                                                                                • Instruction Fuzzy Hash: FB41E972B0D7514BC3158E79888025EBBE25BC5224F19CA3EE8F987382D678C945D792
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1305208044.00000000007F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305188626.0000000000790000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.0000000000791000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.00000000007E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.0000000000936000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.000000000093B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.0000000000956000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_790000_nogtpjadthaw.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                • String ID: AuthenticAMD
                                                                                                                                                                                                                • API String ID: 0-1824591176
                                                                                                                                                                                                                • Opcode ID: b8d81cf411ef0b648b14e1905530b407bd95ee0eab54fbd126a253c43aeded5f
                                                                                                                                                                                                                • Instruction ID: 1d04003e3008eeb2d7c041268a69a6d91d0299e084b651a4bb0684f9188cb22d
                                                                                                                                                                                                                • Opcode Fuzzy Hash: b8d81cf411ef0b648b14e1905530b407bd95ee0eab54fbd126a253c43aeded5f
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 934191B1608A06ABE704DF58C841398F7A1FF89300F55C629E918C7B42D778E911EB81
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1305208044.0000000000791000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305188626.0000000000790000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.00000000007E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.00000000007F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.0000000000936000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.000000000093B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.0000000000956000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_790000_nogtpjadthaw.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                • Opcode ID: 1c09111de50a095d1ec12d6c5143f52d37e81d3701cf87b2987d49250879b985
                                                                                                                                                                                                                • Instruction ID: 3585f27532ecaa8fe0f66d163f1307988d3bd7ad2a4c65b93ce041c097e7cf58
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1c09111de50a095d1ec12d6c5143f52d37e81d3701cf87b2987d49250879b985
                                                                                                                                                                                                                • Instruction Fuzzy Hash: B5725AB0609B818ED365CF3C8845797BFE5AB5A324F144A6DE0EE873D2C7756001CB66
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1305208044.0000000000791000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305188626.0000000000790000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.00000000007E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.00000000007F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.0000000000936000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.000000000093B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.0000000000956000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_790000_nogtpjadthaw.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                • Opcode ID: d7f53491d8d61118d73d195215c756c99126e7ecee935eb747da5753871f91b3
                                                                                                                                                                                                                • Instruction ID: 161ffcfbe4f3a1e394abf08295c4160452b728f79d1952f6ac4e3132fcdc9a65
                                                                                                                                                                                                                • Opcode Fuzzy Hash: d7f53491d8d61118d73d195215c756c99126e7ecee935eb747da5753871f91b3
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2E52D3715087519FCF14CF28D0D06AAB7E2FF88314F1986ADE8899B24BD738E945CB81
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1305208044.0000000000791000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305188626.0000000000790000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.00000000007E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.00000000007F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.0000000000936000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.000000000093B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.0000000000956000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_790000_nogtpjadthaw.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                • Opcode ID: 16599b7a5a8889f8c609bfb049c2cd2ea9b9c1b4d0a12d5e129e83fdc7f9c997
                                                                                                                                                                                                                • Instruction ID: 515d5e56213f427b0a7984f1a5a7d91870725e9ea240ee799e352b427331765e
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 16599b7a5a8889f8c609bfb049c2cd2ea9b9c1b4d0a12d5e129e83fdc7f9c997
                                                                                                                                                                                                                • Instruction Fuzzy Hash: CF6216B0615B819FC369CF39C8417A3BFE9AB9A300F14896EE0EAC7752C735A541CB51
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1305208044.0000000000791000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305188626.0000000000790000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.00000000007E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.00000000007F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.0000000000936000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.000000000093B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.0000000000956000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_790000_nogtpjadthaw.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: e71b22472ef023d2421b63056abee6f70116adade2d08409bfad1020a919d524
• Instruction ID: 19a8783434af410d361c66188de107c0c0b109e02f8e1a58ab6c20ff959f5089
• Opcode Fuzzy Hash: e71b22472ef023d2421b63056abee6f70116adade2d08409bfad1020a919d524
• Instruction Fuzzy Hash: D352D3B0A08B849FFF35DB28D4847A7BBE1EB91314F14482DC6EB06686D37DA985C711
Memory Dump Source
• Source File: 00000000.00000002.1305208044.0000000000791000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
• Associated: 00000000.00000002.1305188626.0000000000790000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.00000000007E4000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.00000000007F1000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000936000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.000000000093B000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000956000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_790000_nogtpjadthaw.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 11d80690fdf4259830faab5a39099e092580fc7f4cabb8d45c9c9d2413e05e55
• Instruction ID: 8eb2576f6b3c40b826259129ced308e043b0d73749c0dd8eb0d6f6cfec804509
• Opcode Fuzzy Hash: 11d80690fdf4259830faab5a39099e092580fc7f4cabb8d45c9c9d2413e05e55
• Instruction Fuzzy Hash: 7522E635A093119BCB25DF18E9816BBB3E1FFD4315F19892DD9C687281E738A851CB83
Memory Dump Source
• Source File: 00000000.00000002.1305208044.0000000000791000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
• Associated: 00000000.00000002.1305188626.0000000000790000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.00000000007E4000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.00000000007F1000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000936000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.000000000093B000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000956000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_790000_nogtpjadthaw.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 73c66f0b5b8dd4a64d91c8de594cef1c4e7ad240ed3c470437466cbf8add6c77
• Instruction ID: ce334fd8d1ea9d00c41d27f1b644022443c511d0bc86e8dd38a06872f3826499
• Opcode Fuzzy Hash: 73c66f0b5b8dd4a64d91c8de594cef1c4e7ad240ed3c470437466cbf8add6c77
• Instruction Fuzzy Hash: 113201B0514B108FCB68CF29D69052ABBF2FF45710B604A2ED6A787B91D73AF944CB10
Memory Dump Source
• Source File: 00000000.00000002.1305208044.0000000000791000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
• Associated: 00000000.00000002.1305188626.0000000000790000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.00000000007E4000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.00000000007F1000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000936000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.000000000093B000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000956000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_790000_nogtpjadthaw.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 01faea197d265599e55a7e061e6792f5d8b7687ec804ff1040c3321f783e5ba3
• Instruction ID: 6c77ce14c3ad0a2e95093c7b5cfc3c8348652a03334d755918208c87bd360713
• Opcode Fuzzy Hash: 01faea197d265599e55a7e061e6792f5d8b7687ec804ff1040c3321f783e5ba3
• Instruction Fuzzy Hash: BFE149766087108BD318DB298C8056BF7B2ABC5334F19872EE9A9573D1EA79EC01C7D1
Memory Dump Source
• Source File: 00000000.00000002.1305208044.0000000000791000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
• Associated: 00000000.00000002.1305188626.0000000000790000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.00000000007E4000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.00000000007F1000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000936000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.000000000093B000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000956000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_790000_nogtpjadthaw.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 88f41d0fb63670bc0ee43073e6411494e60f3f6230ab523996cd7770f3b2b1d6
• Instruction ID: ec55c8a59ec72b622ad5d414296dadbe2c7a5e9dba61730957506e5e694b90b9
• Opcode Fuzzy Hash: 88f41d0fb63670bc0ee43073e6411494e60f3f6230ab523996cd7770f3b2b1d6
• Instruction Fuzzy Hash: CCF1F3366493508FC318CF38D4D066ABBF2ABCA304F19C9ADE4998B355DA38DD05CB56
Memory Dump Source
• Source File: 00000000.00000002.1305208044.00000000007F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
• Associated: 00000000.00000002.1305188626.0000000000790000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000791000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.00000000007E4000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000936000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.000000000093B000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000956000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_790000_nogtpjadthaw.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: d8aebe3345a2fca42dbd08b3227348af352de68b85bae5146a1254b775f697bd
• Instruction ID: df52db5107c4e558ebf5a63ba7f5f777c803092028499b724ad1144f7d4147e7
• Opcode Fuzzy Hash: d8aebe3345a2fca42dbd08b3227348af352de68b85bae5146a1254b775f697bd
• Instruction Fuzzy Hash: 34221775A44209AFEB04DF68C985FAEB7B6FF88700F148069F904EB281D674ED51CB61
Memory Dump Source
• Source File: 00000000.00000002.1305208044.0000000000791000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
• Associated: 00000000.00000002.1305188626.0000000000790000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.00000000007E4000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.00000000007F1000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000936000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.000000000093B000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000956000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_790000_nogtpjadthaw.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 20a0791e41e3cb29a59acca13eb35bd5dbe159e4174624b06575f29e4f34ca28
• Instruction ID: 63e67197f510d1b8e7208cb49bbf9241e2d138d905165349d2c775197114f750
• Opcode Fuzzy Hash: 20a0791e41e3cb29a59acca13eb35bd5dbe159e4174624b06575f29e4f34ca28
• Instruction Fuzzy Hash: D1F1E236649250CFC318CF38D8D066AB7F2EBCA314F19C9AED4898B365DA38D805CB55
Memory Dump Source
• Source File: 00000000.00000002.1305208044.0000000000791000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
• Associated: 00000000.00000002.1305188626.0000000000790000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.00000000007E4000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.00000000007F1000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000936000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.000000000093B000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1305208044.0000000000956000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_790000_nogtpjadthaw.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                • Opcode ID: c8271c2c771bbdee8b9bb0fb383d57ff12b25db07a300e67c9f54e12140ada8c
                                                                                                                                                                                                                • Instruction ID: 86f52f1dd23254a217d579480ce98c3c109873eedd29620e852dd7c4daf65ff5
                                                                                                                                                                                                                • Opcode Fuzzy Hash: c8271c2c771bbdee8b9bb0fb383d57ff12b25db07a300e67c9f54e12140ada8c
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2012C0F1905B40AFD3A0CF3AC842797BEE9EB4A360F14491EF5AEC3241D63564458BA6
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1305208044.00000000007F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305188626.0000000000790000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.0000000000791000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.00000000007E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.0000000000936000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.000000000093B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.0000000000956000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_790000_nogtpjadthaw.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                • Opcode ID: 6bc248819c19de741cd7e0f3a37a8d5ec16496fa13b0612be93dde39cb6a8752
                                                                                                                                                                                                                • Instruction ID: 64da2f3a6096be0d76df7f5d3d732f52508f563bf84152e18944465358a1e79f
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6bc248819c19de741cd7e0f3a37a8d5ec16496fa13b0612be93dde39cb6a8752
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0EE15B74A04609DFCB10EFA8C98599EF7F6FF48300B2186A5E915E7362DA34ED41CB51
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1305208044.0000000000791000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305188626.0000000000790000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.00000000007E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.00000000007F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.0000000000936000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.000000000093B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.0000000000956000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_790000_nogtpjadthaw.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                • Opcode ID: 9904ee772999ff48cd9e0b982b1bd68593656c01807115957e37071e01b2c2e4
                                                                                                                                                                                                                • Instruction ID: 1438bf6a803ef1fad0e271f467d67655444865d5125625eaa62bbc32f2b5c7f7
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9904ee772999ff48cd9e0b982b1bd68593656c01807115957e37071e01b2c2e4
                                                                                                                                                                                                                • Instruction Fuzzy Hash: C8E18A712083458FCB25DF29D880A6BBBE2EFA9300F444C2DF5D987752E635E944CB92
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1305208044.0000000000791000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305188626.0000000000790000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.00000000007E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.00000000007F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.0000000000936000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.000000000093B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.0000000000956000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_790000_nogtpjadthaw.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                • Opcode ID: 852bc59903f7cd43c23497ad2c8cb782c34d8365f25f5a6d2ff17146634dd37f
                                                                                                                                                                                                                • Instruction ID: d8fbc46422edbf0d6c0eedb827977ab0304e44e3e399f2215b8b3400bc17b02f
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 852bc59903f7cd43c23497ad2c8cb782c34d8365f25f5a6d2ff17146634dd37f
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 90A13D726086514FC716CE28C8903AEBBD2AB85314F1DC67DE8E99B382D638D906D7D1
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1306676816.0000000002F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F10000, based on PE: false
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_2f10000_nogtpjadthaw.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                • Opcode ID: f5fe37659a099806082af087c6a2e7a793a8889fe07e524303ba76adf2d46b13
                                                                                                                                                                                                                • Instruction ID: 3345e3341918b4229adde383054d5a903235ea861276e414b58b248bc68d5589
                                                                                                                                                                                                                • Opcode Fuzzy Hash: f5fe37659a099806082af087c6a2e7a793a8889fe07e524303ba76adf2d46b13
                                                                                                                                                                                                                • Instruction Fuzzy Hash: F4A11B6644E3C58FC7138B744DA11A17FB5AE0326836E41DBC5C2CF8B3D21A595ECB62
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1305208044.00000000007F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305188626.0000000000790000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.0000000000791000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.00000000007E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.0000000000936000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.000000000093B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.0000000000956000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_790000_nogtpjadthaw.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                • Opcode ID: 5dce3a567dcb808c6166066a128f362f76289d549f70b881eafd995fbb7b818e
                                                                                                                                                                                                                • Instruction ID: 1576aa34fc85d9fca8a159ee47416ad5723416c44935f2b7368c451f85419008
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5dce3a567dcb808c6166066a128f362f76289d549f70b881eafd995fbb7b818e
                                                                                                                                                                                                                • Instruction Fuzzy Hash: E7B16E30A00604DFCB16DB68C995AADB7F1FF59300F6580A1E448EB365EB34EE50DB51
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1305208044.0000000000791000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305188626.0000000000790000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.00000000007E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.00000000007F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.0000000000936000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.000000000093B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.0000000000956000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_790000_nogtpjadthaw.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                • Opcode ID: ac1e9278cb93e7961da154a96406555c9874feea06dfedde45e316b0cec1005d
                                                                                                                                                                                                                • Instruction ID: 6f5ae8ddcd95a7424f1b31a988a4f4a5e0415a4e253155f7d0289b10f17dbf74
                                                                                                                                                                                                                • Opcode Fuzzy Hash: ac1e9278cb93e7961da154a96406555c9874feea06dfedde45e316b0cec1005d
                                                                                                                                                                                                                • Instruction Fuzzy Hash: F2910937B066904BC7188D7C4C913A9AA636BDA330B3DD36AD9759B3D5C97A5C0283A0
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1305208044.00000000007F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305188626.0000000000790000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.0000000000791000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.00000000007E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.0000000000936000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.000000000093B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.0000000000956000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_790000_nogtpjadthaw.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                • Opcode ID: 6926797d3e96c6c922e2ab4f6ab8c73af69913f527a63999245fe98107180ef0
                                                                                                                                                                                                                • Instruction ID: 53068f7b41c39d9ed7f93a19abd3c518a3ad82337a9b5795760481a6fa09c8fd
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6926797d3e96c6c922e2ab4f6ab8c73af69913f527a63999245fe98107180ef0
                                                                                                                                                                                                                • Instruction Fuzzy Hash: EB916B71E043198FDB00DF98E981AAEBBB5FB88320F114529E815F7391C674AD46CBE1
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1305208044.00000000007F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305188626.0000000000790000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.0000000000791000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.00000000007E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.0000000000936000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.000000000093B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.0000000000956000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_790000_nogtpjadthaw.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                • Opcode ID: 50188f200807cdaeb30c96c175b92de42c02f6e560b356d8f857f8bba49f3a39
                                                                                                                                                                                                                • Instruction ID: fb9c4662c8801eef26698d8acdc2687f26e4ec3ab3956c3bb7b68c06f54d2ce7
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 50188f200807cdaeb30c96c175b92de42c02f6e560b356d8f857f8bba49f3a39
                                                                                                                                                                                                                • Instruction Fuzzy Hash: EE81E731A00108AFDB08DFADD9C1E9EB3FAFF44301F2081A5E904DB266DA71EE459B55
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1305208044.0000000000791000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305188626.0000000000790000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.00000000007E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.00000000007F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.0000000000936000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.000000000093B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.0000000000956000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_790000_nogtpjadthaw.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                • Opcode ID: 227f60fc927f7177e3bc2fb7a67050f42556147566bd878097e3398af3844dcf
                                                                                                                                                                                                                • Instruction ID: f4357240ebcca7bc8e3b8b678cce17940c0292c695a62de39823f8d5e0f2039b
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 227f60fc927f7177e3bc2fb7a67050f42556147566bd878097e3398af3844dcf
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 42515DB15087548FE314DF29D89435BBBE1BBC8358F444A2EE4E987351E379DA088B82
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1305208044.00000000007F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305188626.0000000000790000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.0000000000791000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.00000000007E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.0000000000936000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.000000000093B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.0000000000956000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_790000_nogtpjadthaw.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                • Opcode ID: facd014c2e33ab1fc63555eefe9942f80009d27f05babb70f28f1008a15450a3
                                                                                                                                                                                                                • Instruction ID: e05530ecef14c07ea31449148a8466725942d09140c0631c39a1c106ac65c8ec
                                                                                                                                                                                                                • Opcode Fuzzy Hash: facd014c2e33ab1fc63555eefe9942f80009d27f05babb70f28f1008a15450a3
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8161921921417682DB24AFADD18426177A1FFA8B00B1056E6DC6ADF63FF370C8D1C7A9
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1305208044.00000000007F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305188626.0000000000790000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.0000000000791000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.00000000007E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.0000000000936000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.000000000093B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.0000000000956000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_790000_nogtpjadthaw.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                • Opcode ID: 7660f5dda2f10b892d2d747a254a3f2e5269969d0f4098e580ff3e5d3b618b7e
                                                                                                                                                                                                                • Instruction ID: dc3f0798b16218823f5bf773ba24459683ffbb0ce2681211e68bf19699fb572c
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7660f5dda2f10b892d2d747a254a3f2e5269969d0f4098e580ff3e5d3b618b7e
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2541EC6C101A47DAC310AF64C4415E6F7B1FFA9710740C625E9A9D7B24F334E8A6CBA5
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1305208044.00000000007F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305188626.0000000000790000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.0000000000791000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.00000000007E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.0000000000936000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.000000000093B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.0000000000956000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_790000_nogtpjadthaw.jbxd
                                                                                                                                                                                                                Yara matches
Memory Dump Source
• Source File: 00000000.00000002.1306676816.0000000002F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F10000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2f10000_nogtpjadthaw.jbxd
Memory Dump Source
• Source File: 00000000.00000002.1306676816.0000000002F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F10000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2f10000_nogtpjadthaw.jbxd
Memory Dump Source
• Source File: 00000000.00000002.1306676816.0000000002F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F10000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2f10000_nogtpjadthaw.jbxd
Memory Dump Source
• Source File: 00000000.00000002.1305208044.0000000000791000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_790000_nogtpjadthaw.jbxd
Yara matches
Memory Dump Source
• Source File: 00000000.00000002.1305208044.0000000000791000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_790000_nogtpjadthaw.jbxd
Yara matches
APIs
• GetMonitorInfoA.USER32(?,?), ref: 0084D2A9
• GetSystemMetrics.USER32(00000000), ref: 0084D2E5
• GetSystemMetrics.USER32(00000001), ref: 0084D2F0
Memory Dump Source
• Source File: 00000000.00000002.1305208044.00000000007F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_790000_nogtpjadthaw.jbxd
Yara matches
Similarity
• API ID: MetricsSystem$InfoMonitor
• String ID: DISPLAY$GetMonitorInfo
• API String ID: 4250584380-1633989206
APIs
• EnumDisplayMonitors.USER32(?,?,?,?), ref: 0084D52D
• GetSystemMetrics.USER32(00000000), ref: 0084D552
• GetSystemMetrics.USER32(00000001), ref: 0084D55D
Memory Dump Source
• Source File: 00000000.00000002.1305208044.00000000007F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_790000_nogtpjadthaw.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: MetricsSystem$DisplayEnumMonitors
                                                                                                                                                                                                                • String ID: EnumDisplayMonitors
                                                                                                                                                                                                                • API String ID: 1389147845-2491903729
                                                                                                                                                                                                                • Opcode ID: 3154c301c5219cc70e632d7c7179e39e5933588a238003d6f77212bd8ec39a96
                                                                                                                                                                                                                • Instruction ID: eaf73d10178b0142a8a681a21a5b53815a2cd0e864938342dae1b50cdbc5bdbe
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3154c301c5219cc70e632d7c7179e39e5933588a238003d6f77212bd8ec39a96
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2B311972A0420DAFDB11DFA89985AFFB7BCEB49304F014126F915E3251EB34D9058FA1
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetSystemMetrics.USER32(00000000), ref: 0084D3B9
                                                                                                                                                                                                                • GetSystemMetrics.USER32(00000001), ref: 0084D3C4
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1305208044.00000000007F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305188626.0000000000790000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.0000000000791000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.00000000007E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.0000000000936000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.000000000093B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.0000000000956000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_790000_nogtpjadthaw.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: MetricsSystem
                                                                                                                                                                                                                • String ID: DISPLAY$GetMonitorInfoA
                                                                                                                                                                                                                • API String ID: 4116985748-1370492664
                                                                                                                                                                                                                • Opcode ID: 39c68652978fbd33d3f6f59641e49487cbba169874882eb3c2f3e66c28df0813
                                                                                                                                                                                                                • Instruction ID: a410eb81c7ddfda0a5feb6fc2a82cc96822e3396e898f37499c07ca69a1beaa9
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 39c68652978fbd33d3f6f59641e49487cbba169874882eb3c2f3e66c28df0813
                                                                                                                                                                                                                • Instruction Fuzzy Hash: A411AC7261430C9FD7208F64DC48BABB7E9FB45310F00452EF946D7350E7B1A8048BA6
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetSystemMetrics.USER32(00000000), ref: 0084D48D
                                                                                                                                                                                                                • GetSystemMetrics.USER32(00000001), ref: 0084D498
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1305208044.00000000007F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305188626.0000000000790000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.0000000000791000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.00000000007E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.0000000000936000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.000000000093B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.0000000000956000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_790000_nogtpjadthaw.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: MetricsSystem
                                                                                                                                                                                                                • String ID: DISPLAY$GetMonitorInfoW
                                                                                                                                                                                                                • API String ID: 4116985748-2774842281
                                                                                                                                                                                                                • Opcode ID: c961d9cbbaa8695e74a52fc67a05d32f0d9d604cac334da895316e2eacbc63ae
                                                                                                                                                                                                                • Instruction ID: d93a0f8a9673fc3d83f047751eaae9e11e3d5592d7364aa7c84518ab14265ac8
                                                                                                                                                                                                                • Opcode Fuzzy Hash: c961d9cbbaa8695e74a52fc67a05d32f0d9d604cac334da895316e2eacbc63ae
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7611D031611708AFD720CFA49C447A7B7E8FF46B11F01452AFD4ADB290D7B0B8458BA9
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetSystemMetrics.USER32(00000000), ref: 0084D22E
                                                                                                                                                                                                                • GetSystemMetrics.USER32(00000001), ref: 0084D240
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1305208044.00000000007F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305188626.0000000000790000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.0000000000791000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.00000000007E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.0000000000936000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.000000000093B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.0000000000956000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_790000_nogtpjadthaw.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: MetricsSystem
                                                                                                                                                                                                                • String ID: MonitorFromPoint
                                                                                                                                                                                                                • API String ID: 4116985748-1072306578
                                                                                                                                                                                                                • Opcode ID: 03eea1606ec52550b119d3545b93cc80d9943352b443b20b4e7641867d1eed92
                                                                                                                                                                                                                • Instruction ID: 056219343f973261b168174c6bc1824c508d61660bcd1720adda4a3c74bd6247
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 03eea1606ec52550b119d3545b93cc80d9943352b443b20b4e7641867d1eed92
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 53014F3130831CABDB004F94DD44B99BB55FB95764F508025F919DB261C2B1EC45DB61
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetSystemMetrics.USER32(00000000), ref: 0084D109
                                                                                                                                                                                                                • GetSystemMetrics.USER32(00000001), ref: 0084D115
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1305208044.00000000007F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305188626.0000000000790000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.0000000000791000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.00000000007E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.0000000000936000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.000000000093B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1305208044.0000000000956000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_790000_nogtpjadthaw.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: MetricsSystem
                                                                                                                                                                                                                • String ID: MonitorFromRect
                                                                                                                                                                                                                • API String ID: 4116985748-4033241945
                                                                                                                                                                                                                • Opcode ID: d50a202ddf05938f3b6f65ad9930afdbdae681ec03df2f11b8ae90226e818fe9
                                                                                                                                                                                                                • Instruction ID: 5a62d81a3de63a1ac5a25fa3f19955ab42f654119f0a088989f81787d40c2f02
                                                                                                                                                                                                                • Opcode Fuzzy Hash: d50a202ddf05938f3b6f65ad9930afdbdae681ec03df2f11b8ae90226e818fe9
                                                                                                                                                                                                                • Instruction Fuzzy Hash: F601AD3260820C9FEB108B18D989BA6F7A9F784315F548056FD06EB212D275DC409FA1